Guzzle curl error 60: ssl certificate problem: unable to get local issuer certificate

Mar 12, 2018, 1:39:08 PM

to AdWords API Forum

Hi guys,

I'm trying to update to the AdWords API v201802 PHP client library in my project. After configuring the AdWords credentials and all, I ran the example files and got one error after another. But I got this fatal error: 'cURL error 60: SSL certificate problem: unable to get local issuer certificate'

Fatal error: Uncaught exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)' in C:\Users\ladewig\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php:187 Stack trace: #0 C:\Users\ladewig\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php(150): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array) #1 C:\Users\ladewig\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php(103): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory)) #2 C:\Users\ladewig\vendor\guzzlehttp\guzzle\src\Handler\CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory)) #3 C:\Users\ladewig\vendor\guzzlehttp\guzzle\src\Handler\Proxy.php(28): Gu in C:\Users\ladewig\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php on line 187

I've found on several pages that the file cacert.pem is missing. So I downloaded it and set curl.cainfo in php.ini to

curl.cainfo = "D:\wamp\bin\php\extras\ssl\cacert.pem"

and restarted the web server, but that didn't work.

What else can I do?

So, could you please let me know which steps I am missing in this case of migrating the AdWords API from v201708 to v201802, as soon as possible.

Thanks & Regards,

Vincent Racaza (AdWords API Team)

Mar 12, 2018, 2:49:27 PM

to AdWords API Forum

Hi,

The issue is on the network layer of your application, as it could not locate the SSL certificate. It seems that you have initially done the suggestions provided by other forums on how to resolve this issue, but still, the issue is not yet resolved.

Since this issue is more on the SSL certificate on PHP, and not AdWords API specific, I would recommend that you post your concern here as the library owners can provide further assistance on PHP client library specific issues/concerns. 

Thanks,

Vincent

AdWords API Team


Preface

A colleague ran into the following error while doing local development:

GuzzleHttp Exception cURL error 60: SSL certificate problem: unable to get local

Development environment:

  • PHP 7.2.1
  • Win7
  • phpstudy

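A solution was eventually found online, but without an understanding of why it works.

Where the problem lies

When GuzzleHttp initializes its configuration, verify defaults to true.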

    // FILE: guzzlehttp/guzzle/src/Client.php

    /**
     * Configures the default options for a client.
     *
     * @param array $config
     * @return void
     */
    private function configureDefaults(array $config)
    {
        /**
         * verify is set to true by default here
         */
        $defaults = [
            'allow_redirects' => RedirectMiddleware::$defaultSettings,
            'http_errors'     => true,
            'decode_content'  => true,
            'verify'          => true,
            'cookies'         => false,
            'idn_conversion'  => true,
        ];
        ...
    }

Later, when the curl options are built, the two options CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set according to verify.

    // FILE: guzzlehttp/guzzle/src/Handler/CurlFactory.php

    private function applyHandlerOptions(EasyHandle $easy, array &$conf)
    {
        $options = $easy->options;
        if (isset($options['verify'])) {
            if ($options['verify'] === false) {
                unset($conf[CURLOPT_CAINFO]);
                $conf[CURLOPT_SSL_VERIFYHOST] = 0;
                $conf[CURLOPT_SSL_VERIFYPEER] = false;
            } else {
                $conf[CURLOPT_SSL_VERIFYHOST] = 2;
                $conf[CURLOPT_SSL_VERIFYPEER] = true;
                if (is_string($options['verify'])) {
                    // Throw an error if the file/folder/link path is not valid or doesn't exist.
                    if (!file_exists($options['verify'])) {
                        throw new \InvalidArgumentException(
                            "SSL CA bundle not found: {$options['verify']}"
                        );
                    }
                    // If it's a directory or a link to a directory use CURLOPT_CAPATH.
                    // If not, it's probably a file, or a link to a file, so use CURLOPT_CAINFO.
                    if (is_dir($options['verify']) ||
                        (is_link($options['verify']) && is_dir(readlink($options['verify'])))) {
                        $conf[CURLOPT_CAPATH] = $options['verify'];
                    } else {
                        $conf[CURLOPT_CAINFO] = $options['verify'];
                    }
                }
            }
        }
        ...
    }

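Because CURLOPT_SSL_VERIFYPEER = true and CURLOPT_SSL_VERIFYHOST > 0, the SSL certificate has to be verified.

The following explanation is quoted from: link

Not all systems have a CA bundle on disk; for example, Windows and OS X do not have a common local CA bundle. When verify is set to true, Guzzle does its best to find a suitable CA bundle on your operating system. When using cURL, or the PHP stream wrapper on PHP 5.6 or later, Guzzle tries to locate the CA bundle in the following order:

  • Check whether openssl.cafile is set in php.ini.
  • Check whether curl.cainfo is set in php.ini.
  • Check whether /etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)
  • Check whether /etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)
  • Check whether /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
  • Check whether /usr/local/etc/openssl/cert.pem exists (OS X; provided by homebrew)
  • Check whether C:\windows\system32\curl-ca-bundle.crt exists (Windows)
  • Check whether C:\windows\curl-ca-bundle.crt exists (Windows)

The result of the lookup is cached in memory so that later calls in the same process return quickly. However, on some servers such as Apache, each request runs in a separate process, so you should consider setting the openssl.cafile environment variable to the path of the file on disk so that the whole lookup is skipped.

The code in question is as follows: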

    /**
     * Returns the default cacert bundle for the current system.
     *
     * First, the openssl.cafile and curl.cainfo php.ini settings are checked.
     * If those settings are not configured, then the common locations for
     * bundles found on Red Hat, CentOS, Fedora, Ubuntu, Debian, FreeBSD, OS X
     * and Windows are checked. If any of these file locations are found on
     * disk, they will be utilized.
     *
     * Note: the result of this function is cached for subsequent calls.
     *
     * @return string
     * @throws \RuntimeException if no bundle can be found.
     */
    function default_ca_bundle()
    {
        static $cached = null;
        static $cafiles = [
            // Red Hat, CentOS, Fedora (provided by the ca-certificates package)
            '/etc/pki/tls/certs/ca-bundle.crt',
            // Ubuntu, Debian (provided by the ca-certificates package)
            '/etc/ssl/certs/ca-certificates.crt',
            // FreeBSD (provided by the ca_root_nss package)
            '/usr/local/share/certs/ca-root-nss.crt',
            // SLES 12 (provided by the ca-certificates package)
            '/var/lib/ca-certificates/ca-bundle.pem',
            // OS X provided by homebrew (using the default path)
            '/usr/local/etc/openssl/cert.pem',
            // Google app engine
            '/etc/ca-certificates.crt',
            // Windows?
            'C:\\windows\\system32\\curl-ca-bundle.crt',
            'C:\\windows\\curl-ca-bundle.crt',
        ];

        if ($cached) {
            return $cached;
        }

        if ($ca = ini_get('openssl.cafile')) {
            return $cached = $ca;
        }

        if ($ca = ini_get('curl.cainfo')) {
            return $cached = $ca;
        }

        foreach ($cafiles as $filename) {
            if (file_exists($filename)) {
                return $cached = $filename;
            }
        }

        throw new \RuntimeException(
            <<< EOT
    No system CA bundle could be found in any of the the common system locations.
    PHP versions earlier than 5.6 are not properly configured to use the system's
    CA bundle by default. In order to verify peer certificates, you will need to
    supply the path on disk to a certificate bundle to the 'verify' request
    option: http://docs.guzzlephp.org/en/latest/clients.html#verify. If you do not
    need a specific certificate bundle, then Mozilla provides a commonly used CA
    bundle which can be downloaded here (provided by the maintainer of cURL):
    https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt. Once
    you have a CA bundle available on disk, you can set the 'openssl.cafile' PHP
    ini setting to point to the path to the file, allowing you to omit the 'verify'
    request option. See http://curl.haxx.se/docs/sslcerts.html for more
    information.
    EOT
        );
    }

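Conclusion

If there is no requirement to verify certificates, and you are using the GuzzleHttp package directly, you can specify verify = false at initialization. As the CurlFactory code above shows, that sets CURLOPT_SSL_VERIFYPEER to false and CURLOPT_SSL_VERIFYHOST to 0, so the server's certificate is not checked at all.
Otherwise, just put the certificate bundle where it is supposed to go.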
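An added diagnostic, not code from the original post or from Guzzle: it reports which php.ini the current SAPI loaded and whether the files named by openssl.cafile and curl.cainfo (the first two places default_ca_bundle() looks) are readable PEM bundles, which is what to check when, as in the forum question at the top of this page, curl.cainfo was set but the error persists. The helper name inspect_bundle() is hypothetical, and the openssl extension is assumed to be optional.

```php
<?php
// Added example. Run it under the same SAPI that shows the error (through the
// web server, not only the CLI), since each SAPI may load a different php.ini.

/** Summarise what PHP can see at one configured CA bundle path. */
function inspect_bundle(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        return ['path' => $path, 'usable' => false, 'reason' => 'missing or unreadable'];
    }
    // Collect the PEM certificate blocks contained in the file.
    preg_match_all(
        '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        (string) file_get_contents($path),
        $blocks
    );
    $expired = null; // stays null when the openssl extension is not loaded
    if (function_exists('openssl_x509_parse')) {
        $expired = 0;
        foreach ($blocks[0] as $pem) {
            $info = openssl_x509_parse($pem);
            if ($info !== false && $info['validTo_time_t'] < time()) {
                $expired++;
            }
        }
    }
    $count = count($blocks[0]);
    return [
        'path'         => $path,
        'usable'       => $count > 0,
        'reason'       => $count > 0 ? 'ok' : 'no PEM certificates in file',
        'certificates' => $count,
        'expired'      => $expired,
    ];
}

$report = [
    'sapi'    => PHP_SAPI,
    'php_ini' => php_ini_loaded_file() ?: '(none loaded)',
];
// Same precedence as default_ca_bundle(): openssl.cafile first, then curl.cainfo.
foreach (['openssl.cafile', 'curl.cainfo'] as $key) {
    $value = ini_get($key);
    $report[$key] = $value ? inspect_bundle($value) : '(not set)';
}
print_r($report);
```

If the reported php_ini is not the file that was edited, or a key shows "(not set)" under the web server while the CLI shows a path, the setting went into a php.ini that this SAPI does not read.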


How do you fix a curl Error 60?

Solution:
Save the cacert.pem file anywhere on your system. Example: Since you're modifying both php. ...
Open your php.ini file. If your php.ini file doesn't have the curl.cainfo line, just add it to the end of the file, then add the file path where you saved your cacert.pem file: ...
Restart your server.

How do I fix curl 60 SSL certificate problem certificate has expired?

The only solution to this problem is to get your host to update the root certificate on your server. So, you need to contact your server host and ask them to insert a new cacert.pem file into their servers, and configure it within their php.

What is a curl Error 60?

Error “curl: (60) SSL certificate problem: unable to get local issuer certificate” can be seen when the SSL certificate on the server is not verified or properly configured.

How install Cacert pem in php INI?

2 Answers
Edit the /etc/ssl/certs/cacert.pem file, and add your new CA public key to the bottom.
Edit php.ini and add the line openssl.cafile=/etc/ssl/certs/cacert.pem to the top (or bottom).
Restart the webserver.