cURL error 60
I searched and read the posts related to cURL error 60.
I downloaded the cacert.pem file and put it on my server
I used the WHM multi-php ini editor to edit the global ini file and set:
curl.cainfo="{complete-path-to}/cacert.pem"
openssl.cafile="{complete-path-to}/cacert.pem"
Then I did a forceful server reboot.
A phpinfo command correctly shows that curl.cainfo has been set as noted above. But I am still getting cURL error 60 when my php code tries to read some (but not all) https addresses.
What else do I need to do to fix cURL error 60? The addresses I am trying to read with php work fine when opened in my browser (Firefox).
-
Hey there! Just to confirm, you're running a command such as "curl https://google.com" and receiving an error, correct?
0 -
Confirming that I logged in to my server and issued the command:
curl https://gisapps.wicomicocounty.org/server/rest/servicesHere is the reply I got:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.0 -
I know a bit more. I did a curl command with the -v option and in the output I see:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
Apparently this is the default setting for Alma Linux
0 -
Thanks for the additional details. I am getting the same result from my personal AlmaLinux machine when I try to connect to your server.
I'm wondering if there is a firewall issue or other connection problem that is specifically blocking those connection attempts to the site. Could you open a ticket so this can be investigated?
0 -
Thank you for reply. I will be doing some more investigating later today and then I will write it up and open a ticket.
0 -
I am not done fixing my cURL error 60 problem but I have learned more and now have a plan. This post and comments is super helpful. It explains how to update the file ca-bundle.crt
https://unix.stackexchange.com/questions/525601/update-ca-trust-extract-not-adding-certificates-to-ca-bundleThe comments show how to use chrome to find out the company that issued the certificate for a domain.
It turns out that some root certificates I need are not in either ca-bundle.crt or in cacert.pem
I will need to go to the websites for those certificate issuing companies and download their root certificates.
Next I will make a file with those root certificates and use that file to update ca-bundle.crt as described in the stackexchange post.
I will report back here when done.
0 -
Was your SSL issued by cPanel/Let's Encrypt? What OS are you using and what version of cPanel?
0 -
I have had a VPS server with the same ISP for many years. Early on I manually installed certs from Let's Encrypt. That was before Let's Encrypt certs were available via cPanel.
Last year my ISP setup a new server for me. This server is currently AlmaLinux v9.5.0 STANDARD kvm and cPanel Version 120.0.11
I have a php script which uses cURL to read web addresses. The great majority of those addresses read fine. Only a small percent of those addresses result in cURL error 60.
Here are a couple of those addresses that give cURL error 60. These webpages display fine on my windows 10 PC with Firefox.
https://gismaps.myescambia.com/arcgis/rest/services
0 -
I honestly can't say for sure what is happening here. However, neither of those certificates are issued by cPanel, so it doesn't seem that any cPanel tools would be related to this issue.
0 -
OK, thanks for looking at it though.
0 -
Sure thing - sorry I can't offer more.
0
Please sign in to leave a comment.
Comments
11 comments