Curl: (60) ssl certificate problem: unable to get local issuer certificate centos

posted at 2020-04-30

  • Environment
    • Red Hat Enterprise Linux Server release 7.7 (Maipo)
    • curl 7.29.0 (x86_64-redhat-linux-gnu)

Symptom: curl complained when requesting an https URL

    $ curl https://localhost
    curl: (60) Issuer certificate is invalid.
    More details here: http://curl.haxx.se/docs/sslcerts.html
    curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

Cause: there is a problem with SSL certificate verification

If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).

Workaround: skip certificate verification with the -k or --insecure option

If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

The page at the URL was returned correctly

    $ curl --insecure https://localhost
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    ...(omitted)...
    </body></html>

Other fix: provide the certificate

  • [curl] Cannot communicate over HTTPS (unable to get local issuer certificate) - noknow
  • Accessing an SSL site with the OpenSSL build of curl shows the "SSL certificate problem: unable to get local issuer certificate" error

Just installed a Comodo certificate on our server, (centos 5) https works fine, the website works fine with https. But one of our wordpress plugin

.htaccess file contains rules to rewrite url https://example.com/w3tc_rewrite_test into https://example.com/?w3tc_rewrite_test which, if handled by plugin, return "OK" message. The plugin made a request to https://example.com/w3tc_rewrite_test but received:

SSL certificate problem: unable to get local issuer certificate

instead of "OK" response.

executing the command: curl https://example.com results in:

curl: (60) SSL certificate problem: unable to get local issuer certificate

on external server:

curl: (60) Peer certificate cannot be authenticated with known CA certificates

I already downloaded the latest ca certificates, manually pointed to the crt/pem file in php.ini all to no avail...

Also changed the CA server certificate to the CAroot that was supplied by comodo.

    openssl s_client -connect example.com:443
    CONNECTED(00000003)
    28211:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

    openssl s_client -tls1 -connect example.com:443
    CONNECTED(00000003)
    depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
    verify error:num=21:unable to verify the first certificate
    verify return:1

Solutions

This is a very generic issue. It is saying it is not able to find the intermediate certificate in the certificate store. Try manually stripping out the intermediate certificate and install it.

I faced this while working with Python requests module.

I was also creating a ca.pem file and putting the server certificate there (the server public key). I put the intermediate CA certificate with the server certificate. Then I got:

unable to find issuer certificate.

I then added the root ca in the pem file and it did the trick.

Check your sites with SSLLabs for problems, especially missing chain certificates. At least the site swedendedicated.com you mentioned (before you did the last edit) has serious problems:

Chain issues Incomplete

Thus it will work with most browsers which either have the missing certificate cached or will download the missing certificate. Non-Browsers will usually neither cache nor download missing certificates and thus will fail.

The fix is to reconfigure your server to include the missing certificates. If you have questions about how to do this, look at the instructions you got from your certificate provider. If this does not help, ask at serverfault.com.
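
Added example (not code from any of the posts above): the two failure modes the answers describe, a server that omits its intermediate and a client CA file that lacks the root, reproduced offline with `openssl verify` against a throwaway root -> intermediate -> leaf chain. All file names, subject names and function names are constructed for illustration, and `-untrusted` stands in for the certificates a server sends in its handshake.

```bash
#!/usr/bin/env bash
# Added example. Constructed throwaway PKI in a temp directory:
# Demo Root CA -> Demo Intermediate CA -> www.example.com (all names made up).

new_key_csr() {   # $1 = file prefix, $2 = common name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  new_key_csr root "Demo Root CA"
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.pem 2>/dev/null
  new_key_csr inter "Demo Intermediate CA"
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out inter.pem 2>/dev/null
  new_key_csr leaf "www.example.com"
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 2 -out leaf.pem 2>/dev/null
  cat inter.pem root.pem > inter_and_root.pem
}

# Print openssl's verdict; "|| true" keeps a failed verification from
# aborting a script that runs under "set -e".
verdict() { openssl verify "$@" 2>&1 || true; }

# Client trusts the root; server sends only its own certificate.
leaf_only()         { verdict -CAfile root.pem leaf.pem; }
# Same client; server also sends the intermediate.
with_intermediate() { verdict -CAfile root.pem -untrusted inter.pem leaf.pem; }
# Client CA file holds the intermediate but not the root.
bundle_inter_only() { verdict -CAfile inter.pem leaf.pem; }
# Client CA file holds both intermediate and root.
bundle_inter_root() { verdict -CAfile inter_and_root.pem leaf.pem; }

demo_dir=$(mktemp -d) && cd "$demo_dir" && build_demo_pki
for scenario in leaf_only with_intermediate bundle_inter_only bundle_inter_root; do
  echo "== $scenario"
  "$scenario"
done
```

The `leaf_only` case reports verify error 20, the same error number shown in the question's `s_client` output; `bundle_inter_only` reports the differently worded "unable to get issuer certificate" because the chain reaches a trusted intermediate but cannot be completed to a root.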

Also ask

How do I fix curl 60 SSL certificate?

Locate the curl certificate PEM file location: 'curl-config --ca' --> /usr/local/etc/openssl/cert.pem.
Use the folder location to identify the PEM file: 'cd /usr/local/etc/openssl'.
Create a backup of the cert.pem file: 'cp cert.pem cert_pem.bkup'.

How do I fix unable to get local issuer certificate?

When the "SSL certificate problem: unable to get local issuer certificate" error is caused by a self-signed certificate, the fix is to add the certificate to the trusted certificate store. Open the file ca-bundle.crt located in the directory above, then copy and paste the Git SSL certificate to the end of the file.

What is a curl Error 60?

Error “curl: (60) SSL certificate problem: unable to get local issuer certificate” can be seen when the SSL certificate on the server is not verified or properly configured.

How do I bypass SSL verification in curl?

To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.