Laravel Guzzle : curl error 77 error setting certificate verify locations


Relating to 'SSL certificate problem: unable to get local issuer certificate' error. Rather obviously this applies to the system sending the CURL request (and not the server receiving the request).

  1. Download the latest cacert.pem from https://curl.haxx.se/ca/cacert.pem

  2. Add the following line to php.ini (if this is shared hosting and you don't have access to php.ini then you could add this to .user.ini in public_html)

    curl.cainfo="/path/to/downloaded/cacert.pem"
    

    Make sure you enclose the path within double quotation marks!!!

  3. Grant permission to your web server user, like nginx or www-data, to read the file.

    sudo chown www-data /etc/ssl/certs/cacert.pem
    
  4. Last step: restart fpm and nginx or apache.

Author by

user2663561

Updated on June 14, 2022
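
A diagnostic for the steps in the answer above, added here as an example and not part of the original answer. The function name `check_ca_bundle` and the script file name are hypothetical; it tests a configured CA bundle path for the conditions commonly behind cURL error 77, including the case in the question's error output where CAfile is the directory /etc/ssl/certs.

```shell
#!/bin/sh
# Added example (not from the original answer). check_ca_bundle is a
# hypothetical helper name. Run it as the web server user, e.g.:
#   sudo -u www-data sh check_ca_bundle.sh /path/to/downloaded/cacert.pem
# Return codes: 0 usable, 1 not absolute, 2 directory, 3 missing,
#               4 unreadable, 5 no PEM certificate inside.
check_ca_bundle() {
    ca_bundle=$1
    # php.ini documents curl.cainfo as requiring an absolute path.
    case $ca_bundle in
        /*) ;;
        *) echo "FAIL: '$ca_bundle' is not an absolute path"; return 1 ;;
    esac
    # The question's error shows CAfile: /etc/ssl/certs, which is a directory.
    if [ -d "$ca_bundle" ]; then
        echo "FAIL: $ca_bundle is a directory; CAfile must be a bundle file"
        return 2
    fi
    if [ ! -e "$ca_bundle" ]; then
        echo "FAIL: $ca_bundle does not exist"
        return 3
    fi
    # Step 3 of the answer: the user running PHP must be able to read it.
    if [ ! -r "$ca_bundle" ]; then
        echo "FAIL: $ca_bundle is not readable by $(id -un)"
        return 4
    fi
    # A truncated or empty download has no certificates to load.
    if ! grep -qF -e '-----BEGIN CERTIFICATE-----' "$ca_bundle"; then
        echo "FAIL: $ca_bundle contains no PEM certificate"
        return 5
    fi
    echo "OK: $ca_bundle is readable by $(id -un) and contains PEM certificates"
    return 0
}

# Check the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_ca_bundle "$1"
fi
```

Running it as the web server user matters because the readability test reflects the permissions of whoever executes it.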

Comments

  • user2663561
    user2663561 almost 2 years
    • OS: Ubuntu 16.04
    • PHP : 7.2
    • CURL : curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
    • Guzzle: 6.3

    My project is currently using some packages that depend on Guzzle, e.g. AWS, Mailgun... However, it often threw this error:

    error: cURL error 77: error setting certificate verify locations:
    CAfile: /etc/ssl/certs
    CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
    

    Below is part of my php.ini

    [curl]
    ; A default value for the CURLOPT_CAINFO option. This is required to be an
    ; absolute path.
    curl.cainfo='/etc/ssl/certs/ca-certificates.crt'
    
    [openssl]
    ; The location of a Certificate Authority (CA) file on the local filesystem
    ; to use when verifying the identity of SSL/TLS peers. Most users should
    ; not specify a value for this directive as PHP will attempt to use the
    ; OS-managed cert stores in its absence. If specified, this value may still
    ; be overridden on a per-stream basis via the "cafile" SSL stream context
    ; option.
    openssl.cafile='/etc/ssl/certs/ca-certificates.crt'
    
    ; If openssl.cafile is not specified or if the CA file is not found, the
    ; directory pointed to by openssl.capath is searched for a suitable
    ; certificate. This value must be a correctly hashed certificate directory.
    ; Most users should not specify a value for this directive as PHP will
    ; attempt to use the OS-managed cert stores in its absence. If specified,
    ; this value may still be overridden on a per-stream basis via the "capath"
    ; SSL stream context option.
    openssl.capath='/etc/ssl/certs/'
    

    None of this works, even though retrieving via ini_get() it's ok and fully recognized. For now, I have to make a workaround by modifying vendor/guzzlehttp/guzzle/src/Client.php and adjusting the default config to 'verify' => '/etc/ssl/certs/ca-certificates.crt', then everything's ok (which I believe is not a good option).

    Retrieving via ini_get():

    array(8) {
    ["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem"
    ["default_cert_file_env"]=>  string(13) "SSL_CERT_FILE"
    ["default_cert_dir"]=>  string(18) "/usr/lib/ssl/certs"
    ["default_cert_dir_env"]=>  string(12) "SSL_CERT_DIR"
    ["default_private_dir"]=>  string(20) "/usr/lib/ssl/private"
    ["default_default_cert_area"]=>  string(12) "/usr/lib/ssl"
    ["ini_cafile"]=>  string(34) "/etc/ssl/certs/ca-certificates.crt"
    ["ini_capath"]=>  string(15) "/etc/ssl/certs/"
    }
    
    openssl.cafile: /etc/ssl/certs/ca-certificates.crt
    curl.cainfo: /etc/ssl/certs/ca-certificates.crt
    

    Note: I've tried setting up ~/.curlrc together with export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt but none of this works.

    Does anyone have any solution or any clue to solve this issue?

  • user2663561
    user2663561 over 5 years
    Thanks for your answer. I've tried it but unfortunately it does not work either. In the end, there's no other choice for me but to amend the Guzzle package to set the CAfile path directly.
  • Dom DaFonte
    Dom DaFonte over 5 years
    This was an excellent response and solved my issue and my issue was intermittent errors. This should be accepted as the answer here.