Curl: Fix CURL (51) SSL error: no alternative certificate subject name matches
It usually happens when the certificate does not match with the host name.
The solution would be to contact the host and ask it to fix its certificate.
Otherwise you can turn off cURL's verification of the certificate, use the -k
(or --insecure
) option.
Please note that as the option said, it is insecure. You shouldn't use this option because it allows man-in-the-middle attacks and defeats the purpose of HTTPS.
More can be found in here: http://curl.haxx.se/docs/sslcerts.html
curl --cacert error curl: (60) SSL: no alternative certificate subject name matches target host name
Use wget. --ca-certificate=path/to/PEM/ca/cert
Curl error no alternative certificate..
To summarize from the comments:
- The good and the bad system actually accessed different servers which were configured with different certificates. That's why it failed on one system but not on the other.
- The reason for this difference was that the bad system had an entry in
/etc/hosts
which was used instead of asking the DNS server. - The problem was found by comparing the output of
curl -v
and realizing that the shown target IP address was different. - The problem was fixed by removing the old entry in
/etc/hosts
so that it now queries the DNS server and gets the correct IP address of the server.
message: cURL error 60: SSL: no alternative certificate subject name matches target host name 'api-.pusher.com'
I think you should install the CURL extension as below (on Linux):
sudo apt-get install php-curl
This will install a dependency package, which depends on the default PHP version. After that restart apache
sudo service apache2 restart
on windows:
read this article
cURL error 60: SSL: no alternative certificate subject name matches target host name. Inter-project communication
When you want one DDEV-Local project to talk to another using https, curl on the client side has to trust the server side that you're talking to. There are two ways to do this:
(built-in, no changes needed): Use
ddev-<projectname>-web
(the container name) as the target hostname in the URL. For example in your case, usecurl https://ddev-drupal7migration2-web
. This hostname is already trusted among various ddev projects.(requires docker-compose.*.yaml): If you want to use the real full FQDN of the target project (https://drupal7migration2.ddev.site in your case) then you'll need to add that as an external_link in the client project's .ddev. So add a file named .ddev/docker-compose.external_links.yaml in the client side (migration1?) project, with these contents:
version: '3.6'
services:
web:
external_links:
- "ddev-router:drupal7migration2.ddev.site"
That will tell Docker to route requests to "drupal7migration2.ddev.site" to the ddev-router, and your container and curl trust it (it has that name in its cert list).
cURL error 60: SSL certificate: unable to get local issuer certificate
How to solve this problem:
download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html
save it on your filesystem somewhere (for example, XAMPP users might use
C:\xampp\php\extras\ssl\cacert.pem
)in your php.ini, put this file location in the
[curl]
section (putting it in the[openssl]
section is also a good idea):
[curl]
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
[openssl]
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"
- restart your webserver (e.g. Apache) and PHP FPM server if applicable
(Reference: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate)
Related Topics
How to Use Unicode in Aspell Dictionary
Is It Correct to Use The Rc.Local File to Start a Program When The System Starts
Install Gulp Browserify Gives Error Always
How to Couple Xargs with Pdftotext Converter to Search Inside Multiple PDF Files
How to Extract Every N Columns and Write into New Files
Pg_Dump Not Been Killed Inside Script with Kill Command
How to Get Started with Libsandbox
Pid File Exists, But Process Is Not Running
"Unknown Symbol in Module" on Module Insertion Despite Export_Symbol
How to Get The User's Domain Information in Samba
How Convert Address in Elf to Physical Address
Difference Between Posix Reliable Signals and Posix Real-Time Signals in Linux
Conversion from Ebcdic to Utf8 in Linux
Kernel Module Build Fails: Sys/Types.H: No Such File or Directory
What Algorithm How to Use to Generate a 48-Bit Hash for Unique MAC Addresses