cURL error 60: SSL certificate: unable to get local issuer certificate
How to solve this problem:
download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html
save it on your filesystem somewhere (for example, XAMPP users might use
C:\xampp\php\extras\ssl\cacert.pem
)in your php.ini, put this file location in the
[curl]
section (putting it in the[openssl]
section is also a good idea):
[curl]
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
[openssl]
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"
- restart your webserver (e.g. Apache) and PHP FPM server if applicable
(Reference: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate)
Ubuntu 22.04 LTS and Composer curl error 60 - SSL certificate problem: unable to get local issuer certificate
Finally managed to solve it by manually replacing the ca-bundle.crt file, after realizing that even a simple curl/wget CLI command (outside of PHP/Composer) returned the same error (this the reason of the --no-check-certificate below):
sudo mv /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt.backup
sudo wget -O /etc/ssl/ca-bundle.crt https://curl.se/ca/cacert.pem --no-check-certificate
I got the link from: https://curl.se/docs/caextract.html
Still same error display: cURL error 60: SSL certificate problem: unable to get local issuer certificate
How to solve this problem:
download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html
save it on your filesystem somewhere (for example, XAMPP users might use C:\xampp\php\extras\ssl\cacert.pem)
in your php.ini, put this file location in the [curl] section (putting it in the [openssl] section is also a good idea):
Example:
[curl]
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
[openssl]
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"
- restart your webserver (e.g. Apache) and PHP FPM server if applicable
reference here
You could also remove SSL validation on localhost. Just need to add options to de GuzzleHttp client in the 'withOptions' method to disable verification.
$options = ['verify'=>false];
To check if a local environment can do a simple if:
public function authApi(){
$options = [];
if (App::environment('local')) {
$options = ['verify'=>false];
}
return Http::withBasicAuth($this->client_key, $this->client_key_secret)->withOptions($options);
}
MAMP local development - cURL error 60: SSL certificate: unable to get local issuer certificate
Update the location of the cacert.pem in your openssl.cnf file to point to the latest version you got from curl.se and you should be right.
Composer Curl error 60: SSL certificate problem: unable to get local issuer certificate
Further research led me to the proxy, which is ZScaler, being the problem. As stated in this post, ZScaler intercepts SSL traffic and re-encrypts it with its own certificate which is not trusted, so Composer (or any other program accessing sites via https) will complain with the above error that it's "unable to get local issuer certificate".
So the solution must be to get the "ZScaler Intermediate Root CA" to be trusted on the server. (Which I can't do myself due to company policy, but anyone looking for a solution to the above problem probably has another hint now what to do.)
Related Topics
How to Truncate a String in PHP to the Word Closest to a Certain Number of Characters
How to Read If a Checkbox Is Checked in PHP
Why Can't I Access Datetime-≫Date in PHP'S Datetime Class
Mvc For Advanced PHP Developers
How to Sort Files by Date in PHP
Compare 2-Dimensional Data Sets Based on a Specified Second Level Value
When Do I Use the PHP Constant "PHP_Eol"
If Block Inside Echo Statement
Prevent Direct Access to a PHP Include File
How to Find the Last Day of the Month from Date
How to Validate an Email in PHP