Skip to main content

cURL error 60

Comments

11 comments

  • cPRex Jurassic Moderator

    Hey there!  Just to confirm, you're running a command such as "curl https://google.com" and receiving an error, correct?

    0
  • Jelf

    Confirming that I logged in to my server and issued the command:
    curl https://gisapps.wicomicocounty.org/server/rest/services

    Here is the reply I got:
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.se/docs/sslcerts.html

    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.

    0
  • Jelf

    I know a bit more.  I did a curl command with the -v option and in the output I see:

    *  CAfile: /etc/pki/tls/certs/ca-bundle.crt

    Apparently this is the default setting for Alma Linux

    0
  • cPRex Jurassic Moderator

    Thanks for the additional details.  I am getting the same result from my personal AlmaLinux machine when I try to connect to your server.

    I'm wondering if there is a firewall issue or other connection problem that is specifically blocking those connection attempts to the site.  Could you open a ticket so this can be investigated?

    0
  • Jelf

    Thank you for reply.  I will be doing some more investigating later today and then I will write it up and open a ticket.

    0
  • Jelf

    I am not done fixing my cURL error 60 problem but I have learned more and now have a plan.  This post and comments is super helpful.  It explains how to update the file  ca-bundle.crt
    https://unix.stackexchange.com/questions/525601/update-ca-trust-extract-not-adding-certificates-to-ca-bundle

    The comments show how to use chrome to find out the company that issued the certificate for a domain.  

    It turns out that some root certificates I need are not in either ca-bundle.crt or in cacert.pem

    I will need to go to the websites for those certificate issuing companies and download their root certificates.

    Next I will make a file with those root certificates and use that file to update ca-bundle.crt as described in the stackexchange post.  

    I will report back here when done.

    0
  • cPRex Jurassic Moderator

    Was your SSL issued by cPanel/Let's Encrypt?  What OS are you using and what version of cPanel? 

    0
  • Jelf

    I have had a VPS server with the same ISP for many years.  Early on I manually installed certs from Let's Encrypt.  That was before Let's Encrypt certs were available via cPanel.

    Last year my ISP setup a new server for me.  This server is currently AlmaLinux v9.5.0 STANDARD kvm  and cPanel Version 120.0.11

    I have a php script which uses cURL to read web addresses.  The great majority of those addresses read fine.  Only a small percent of those addresses result in cURL error 60.

    Here are a couple of those addresses that give cURL error 60.  These webpages display fine on my windows 10 PC with Firefox. 

    https://gismaps.myescambia.com/arcgis/rest/services

    https://ldh.la.gov

     

    0
  • cPRex Jurassic Moderator

    I honestly can't say for sure what is happening here.  However, neither of those certificates are issued by cPanel, so it doesn't seem that any cPanel tools would be related to this issue.

    0
  • Jelf

    OK, thanks for looking at it though.

    0
  • cPRex Jurassic Moderator

    Sure thing - sorry I can't offer more.

    0

Please sign in to leave a comment.