user2663561

Reputation: 123

Laravel Guzzle : curl error 77 error setting certificate verify locations

My project currently uses some packages that depend on Guzzle, e.g. AWS, Mailgun... However, it often throws this error:

error: cURL error 77: error setting certificate verify locations:
CAfile: /etc/ssl/certs
CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

Below is part of my php.ini

[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo='/etc/ssl/certs/ca-certificates.crt'

[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile='/etc/ssl/certs/ca-certificates.crt'

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
openssl.capath='/etc/ssl/certs/'

None of this works, even though when retrieved via ini_get() the values are OK and fully recognized. For now, I have to use a workaround: modifying vendor/guzzlehttp/guzzle/src/Client.php and adjusting the default config to 'verify' => '/etc/ssl/certs/ca-certificates.crt', after which everything is OK (which I believe is not a good option).

Retrieved via ini_get():

array(8) {
["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=>  string(13) "SSL_CERT_FILE"
["default_cert_dir"]=>  string(18) "/usr/lib/ssl/certs"
["default_cert_dir_env"]=>  string(12) "SSL_CERT_DIR"
["default_private_dir"]=>  string(20) "/usr/lib/ssl/private"
["default_default_cert_area"]=>  string(12) "/usr/lib/ssl"
["ini_cafile"]=>  string(34) "/etc/ssl/certs/ca-certificates.crt"
["ini_capath"]=>  string(15) "/etc/ssl/certs/"
}

openssl.cafile: /etc/ssl/certs/ca-certificates.crt
curl.cainfo: /etc/ssl/certs/ca-certificates.crt

Note: I've tried setting up ~/.curlrc together with export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt, but none of this works.

Does anyone have any solution or any clue to solve this issue?

Upvotes: 6

Views: 19347

Answers (2)

user28045584

Reputation: 1

I did everything like the top comment said, but it didn't work.

I don't know why, but it worked when I ran this code after adding the line curl_setopt($ch, CURLOPT_CAINFO, 'D:\program_data\cacert.pem');

<?php

// JSON body for the PATCH request
$payload = json_encode([
    "title" => "Updated title"
]);

$headers = [
    "Content-type: application/json; charset=UTF-8",
    "Accept-language: en"
];
$ch = curl_init();

//curl_setopt($ch, CURLOPT_URL, "https://jsonplaceholder.typicode.com/albums/1");
//curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt_array($ch, [
    CURLOPT_URL => "https://jsonplaceholder.typicode.com/albums/1",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CUSTOMREQUEST => "PATCH",
    CURLOPT_POSTFIELDS => $payload,
    CURLOPT_HTTPHEADER => $headers
]);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Verify the peer against an explicit CA bundle; verification stays enabled
curl_setopt($ch, CURLOPT_CAINFO, 'D:\program_data\cacert.pem');
$data = curl_exec($ch);

var_dump($data);
// Read the error before closing the handle
var_dump(curl_error($ch));

curl_close($ch);

Upvotes: 0

Raul Martinez

Reputation: 341

Relating to the 'SSL certificate problem: unable to get local issuer certificate' error. Rather obviously, this applies to the system sending the cURL request (and not the server receiving the request).

  1. Download the latest cacert.pem from https://curl.haxx.se/ca/cacert.pem

  2. Add the following line to php.ini (if this is shared hosting and you don't have access to php.ini, then you could add this to .user.ini in public_html):

    curl.cainfo="/path/to/downloaded/cacert.pem"

    Make sure you enclose the path within double quotation marks!!!

  3. Grant permission to your web server user, like nginx or www-data, to read the file.

    sudo chown www-data /etc/ssl/certs/cacert.pem

  4. Last step: restart fpm and nginx or Apache.

Upvotes: 24
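
A diagnostic for the conditions behind cURL error 77 (CA path missing, a directory where a file is expected, or not readable by the web server user), as an added example that is not part of the original question or answers. The helper name checkCaPath() is hypothetical; the script only reads the ini values and OpenSSL defaults already shown on this page.

```php
<?php
// Added example: report why libcurl may be unable to load a CA bundle.
// Run it through the SAPI that fails (php-fpm/Apache, not only the CLI),
// because each SAPI can load a different php.ini and run as a different user.

// Hypothetical helper: classify one configured CA location.
function checkCaPath(string $label, ?string $path): array
{
    if ($path === null || $path === '') {
        return [$label, '(not set)', 'skipped'];
    }
    if (!file_exists($path)) {
        return [$label, $path, 'missing, or a parent directory is not traversable'];
    }
    if (is_dir($path)) {
        // A directory is valid for CApath but never for CAfile / curl.cainfo.
        $state = is_readable($path) ? 'directory (usable as CApath only)' : 'directory, not readable';
        return [$label, $path, $state];
    }
    if (!is_readable($path)) {
        return [$label, $path, 'file exists but is not readable by this process user'];
    }
    // A usable bundle holds at least one PEM-encoded certificate.
    $count = preg_match_all('/-----BEGIN CERTIFICATE-----/', file_get_contents($path));
    $state = $count > 0 ? "ok, $count certificate(s)" : 'readable but contains no PEM certificates';
    return [$label, $path, $state];
}

$locations = openssl_get_cert_locations();
$candidates = [
    'curl.cainfo (php.ini)'    => ini_get('curl.cainfo') ?: null,
    'openssl.cafile (php.ini)' => ini_get('openssl.cafile') ?: null,
    'openssl.capath (php.ini)' => ini_get('openssl.capath') ?: null,
    'OpenSSL default file'     => $locations['default_cert_file'] ?? null,
    'OpenSSL default dir'      => $locations['default_cert_dir'] ?? null,
];

printf("SAPI: %s, php.ini: %s\n", PHP_SAPI, php_ini_loaded_file() ?: '(none)');
foreach ($candidates as $label => $path) {
    vprintf("%-26s %-40s %s\n", checkCaPath($label, $path));
}
```

Comparing the output from the CLI with the output served by the web server shows whether the two load different php.ini files or differ in read access to the bundle.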
