Reputation: 7700
CentOS 7: Error with SSL without having any SSL certificate installed
I started an SSL activation process with a certificate I bought in namecheap and I followed this guide https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7
But I stop the process since the activation took a long time and never worked and the SSL was removed and refunded from namecheap, so I removed the cerficates I created in /etc/ssl also I cleaned my nginx block with the original configuration for my website.
But now with every call using yum or composer or any external call from my website/server is displaying errors related to some missing certificates or errors with them, like these:
With yum
- Cannot retrieve metalink for repository: epel/x86_64. Please verify its path and try again
- https://rpm.nodesource.com/pub_6.x/el/7/x86_64/repodata/repomd.xml: [Errno 14] curl#77 - "Problem with the SSL CA cert (path? access rights?)"
With composer
- [Composer\Downloader\TransportException] The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed wit h code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Failed to enable crypto failed to open stream: operation failed
With a service that call to mailgun from my API
- RequestException in CurlFactory.php line 187: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Do you have any idea? Because I researched a lot and cannot find the solution.
Upvotes: 0
Views: 9488
Answers (1)
Reputation: 150
It sounds like you've removed not only your certificates, but the bundle of CA root certificates that came with your operating system, and which all of the SSL clients on your system use to verify the certificates of the SSL-enabled servers they need to talk to.
On my nearby CentOS 6 box, the CA bundle is /etc/ssl/certs/ca-bundle.crt, and is from the ca-certificates package. I believe those are the same in CentOS 7. You can check for missing files with rpm -V ca-certificates, which
If that's the case and you've accidentally removed your CA bundle, you can restore it with
rpm -Uvh --replacepkgs http://mirror.centos.org/centos/7/updates/x86_64/Packages/ca-certificates-2017.2.11-70.1.el7_3.noarch.rpm
which will (re-)install the package that contains the CA bundle.
Upvotes: 1
Related Questions
- cURL not working (Error #77) for SSL connections on CentOS for non-root users
- Centos 7: cURL ssl error: you are attempting to import a cert with the same
- curl error 35 : unknown SSL protocol error in connection
- CURL on Centos 7 getting NSS error -12188
- cURL SSL connect error 35 with NSS error -5961
- cURL: SSL connect error while trying to install kubectl on RHEL 7
- Curl is not installing with ssl support in Centos (at user defined --perfix)
- Manual install of curl can't find openssl
- SSL certificate error
- Centos 6.6 CURL returns error when connecting to some SSL Site