Skip to content
Latchkey

Azure Pipelines "The remote certificate is invalid"

A step could not establish a trusted TLS connection because the remote server's certificate failed validation on the agent.

What this error means

A network step (restore, push, REST call) fails with "The remote certificate is invalid according to the validation procedure" or an SSL trust error.

azure-pipelines
##[error]The SSL connection could not be established.
The remote certificate is invalid according to the validation procedure.

Common causes

Untrusted or self-signed certificate

The server presents a cert not in the agent's trust store (internal CA, proxy, or self-signed).

Expired or wrong-host certificate

The cert is expired or does not match the hostname.

TLS-intercepting proxy

A corporate proxy re-signs traffic with a CA the agent does not trust.

How to fix it

Trust the certificate on the agent

  1. Import the server or proxy CA into the agent's trust store.
  2. For self-hosted agents behind a proxy, install the proxy CA so TLS validates.

Fix expired or mismatched certs

  1. Renew the server certificate and ensure the hostname matches.

How to prevent it

  • If you run on GitHub Actions, self-healing managed runners such as Latchkey auto-retry transient failures, so a momentary TLS handshake blip does not fail the job. For persistent trust issues, install the correct CA on the agent.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →