[Linux] SSL Certificate Error on Launcher Startup

When I start the BeamMP Launcher (v2.5.1) on Arch Linux, it can’t connect to the backend because of SSL certificate errors. It says it’s “unable to get local issuer certificate,” so it can’t check for updates or download mod data.

[21/7/2025 03:52:53] [INFO] Mod caching directory: ./Resources
[21/7/2025 03:52:53] [INFO] BeamMP Launcher v2.5.1
[21/7/2025 03:52:54] [ERROR] GET to https://backend.beammp.com/sha/launcher?branch=default&pk= failed: SSL peer certificate or SSH remote key was not OK
[21/7/2025 03:52:54] [ERROR] Curl error: SSL certificate problem: unable to get local issuer certificate
[21/7/2025 03:52:54] [ERROR] GET to https://backend.beammp.com/version/launcher?branch=default&pk= failed: SSL peer certificate or SSH remote key was not OK
[21/7/2025 03:52:54] [ERROR] Curl error: SSL certificate problem: unable to get local issuer certificate
[21/7/2025 03:52:54] [INFO] Launcher update  found!
[21/7/2025 03:52:54] [ERROR] Auto update is NOT implemented for the Linux version. Please update manually ASAP as updates contain security patches.
[21/7/2025 03:52:54] [INFO] IMPORTANT: You MUST keep this window open to play BeamMP!
[21/7/2025 03:52:54] [INFO] Game Version : 0.36.4.0
[21/7/2025 03:52:54] [INFO] Game user path: /home/aevris/.local/share/BeamNG.drive/0.36/
[21/7/2025 03:52:54] [ERROR] GET to https://backend.beammp.com/sha/mod?branch=default&pk= failed: SSL peer certificate or SSH remote key was not OK
[21/7/2025 03:52:54] [ERROR] Curl error: SSL certificate problem: unable to get local issuer certificate

:pensive:

long story short, beamMP is using root certificates that are SEVERELY out of date on arch linux (or vice versa, it doesnt matter), so your distro considers them as untrustworthy, at least for your certificate bundle. beamMP guys have been trying their best to let cloudflare change them (you should know, cloudflare are the bad guys here, because only just a few months ago we managed to update that goddamn root cert from 2007), but yeah, most likely that is not gonna happen. and its not like they can cancel cloudflare and choose another issuer… so, RIGHT NOW, what can you do?

  1. add a beamMP certificate as an exception
  2. downgrade archlinux certificates (NOT RECOMMENDED)
  3. use another distro OR use a container (recommended)

i have a guide somewhere here on the forum. but i’ll write it down again from scratch, no bother:

  1. so, if you still want to keep using archlinux (you really shouldnt, but i digress), install podman and distrobox packages
  2. install fedora. so, apparently, fedora is one of the distros that is a bit conservative when it comes to rejecting TLS/SSL certificates. maybe ubuntu, even, but i have not tried it yet.
distrobox create --name fedora --image fedora:41

it will probably scream at you with Image fedora:41 not found., but it’s an alias, so ignore it and press Y

after that,

distrobox enter fedora

and do a little

sudo dnf update

and then download all the necessary dependancies to launch beamNG (except drivers, because container gets its graphics from your host, which is why its completely native… note that this is an absolute minimum, last time i checked…)

sudo dnf install libatomic fontconfig nss at-spi2-atk cups libXcomposite libXdamage libXrandr alsa-lib gtk3

and i think that should work. it does for me =)

if you dont like this, just remove all of the container volumes with

podman system reset

im literally on an FHS non-compliant, immutable and atomic system (cant launch dynamically linked binaries). and i somehow manage to launch beamMP and beamNG… not to brag but yeah =)

P.S. next time, please consider searching for an existing issue first, then post

Thanks, I ended up just installing the certification manually.