Fixing SSL licensing issues with Posit/RStudio Connect


While running Posit/RStudio Connect, you may receive this error message: 

Error deactivating product key: (4): Connection to the server failed. Ensure that you have a working internet connection, you've configured any required proxies, and your system's root CA certificate store is up to date; see for more information 

To resolve the issue, please update your list of trusted certificates. We provide the following instructions for doing so, but note that in general, updating trusted certificates is outside of our products and the exact steps needed may vary depending on your environment. If you have any questions, we recommend contacting your system administrators or networking team for assistance.

Updating the Trusted Certificates

     To update on CentOS / RHEL:


 sudo yum update ca-certificates


     To update on Debian/Ubuntu:


 sudo apt-get install --reinstall ca-certificates


If the error persists, you can manually install the CA certificate.

Manually Installing the CA Certificate


To retrieve the root CA and store to rstudio-license.crt, use the following command from the shell.


echo | openssl s_client -showcerts -connect 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | tail -n 32 > rstudio-license.crt


 On RHEL/CentOS 6 & 7:


  1. Enable the dynamic CA configuration feature by running:

    sudo update-ca-trust enable
  2. Copy the CA certificate to the directory /etc/pki/ca-trust/source/anchors/:

    sudo cp rstudio-license.crt /etc/pki/ca-trust/source/anchors/
  3. Extract and add the CA certificate to the list of trusted CA's:

    update-ca-trust extract

 On Debian  / Ubuntu :


  1. Go to /usr/share/ca-certificates/ and create a new folder:

    sudo mkdir /usr/share/ca-certificates/rstudio
  2. Copy the CA certificate to the directory /usr/share/ca-certificates/rstudio:

    sudo cp rstudio-license.crt /usr/share/ca-certificates/rstudio/
  3. Ensure the permissions are 755 for the folder and 644 for the .crt file.  

  4. Then, Extract and add the CA certificate to the list of trusted CA's:

    sudo update-ca-trust extract