Azure Pipelines "The remote certificate is invalid"
A step could not establish a trusted TLS connection because the remote server's certificate failed validation on the agent.
What this error means
A network step (restore, push, REST call) fails with "The remote certificate is invalid according to the validation procedure" or an SSL trust error.
azure-pipelines
##[error]The SSL connection could not be established.
The remote certificate is invalid according to the validation procedure.Common causes
Untrusted or self-signed certificate
The server presents a cert not in the agent's trust store (internal CA, proxy, or self-signed).
Expired or wrong-host certificate
The cert is expired or does not match the hostname.
TLS-intercepting proxy
A corporate proxy re-signs traffic with a CA the agent does not trust.
How to fix it
Trust the certificate on the agent
- Import the server or proxy CA into the agent's trust store.
- For self-hosted agents behind a proxy, install the proxy CA so TLS validates.
Fix expired or mismatched certs
- Renew the server certificate and ensure the hostname matches.
How to prevent it
- If you run on GitHub Actions, self-healing managed runners such as Latchkey auto-retry transient failures, so a momentary TLS handshake blip does not fail the job. For persistent trust issues, install the correct CA on the agent.
Related guides
Azure Pipelines "Could not get an access token" OIDCFix the Azure Pipelines "Could not get an access token" OIDC error where workload identity federation failed…
Azure Pipelines "az login" Service Principal FailedFix the Azure Pipelines "az login" service principal failure where AzureCLI authentication is rejected due to…
Azure Pipelines "We stopped hearing from agent" Lost CommunicationFix the Azure Pipelines "We stopped hearing from agent" error where the service lost communication with the a…