Woke up one morning to find the outbound ssl connections my app (Ubuntu / Apache2 / Ruby on Rails) was trying to make, are no longer working (it was working just fine yesterday) with the following errors:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
It took a frustrating couple of hours digging around, and ending up on several unhelpful stackoverflow answers, for me to come to this conclusion:
The trusted SSL certs for my servers were out of date:
/etc/ssl/certs/ca-certificates.crt
The fix: Find the latest version of ca-certificates.crt and replace it.