25

I'm struggling with this error when trying to send a message via Twilio using their PHP library:

Fatal error: Uncaught exception Services_Twilio_TinyHttpException with message SSL certificate problem: self signed certificate in certificate chain thrown in F:\path\to\site\twilio-php\Services\Twilio\TinyHttp.php on line 119

I'm using wamp on windows 7.

I have of course found all of the other posts about certificate errors. From what I can see, usually updating or adding the cacert.pem file fixes the issue. However, even after doing this i'm still getting the same error.

Just as a sanity check here is exactly what i've done:

  1. Downloaded the latest certificates from here: http://curl.haxx.se/ca/cacert.pem.
  2. Placed this file in the following location c:/wamp/certs/cacert.pem
  3. Updated php.ini as follows: curl.cainfo = c:/wamp/certs/cacert.pem
  4. Restarted all wamp services including apache

And i'm still getting the same error. I have verified that I am editing the correct php.ini using phpinfo(). I'm at a loss as to why it's still complaining.

Is there any way to verify 100% that my cacert.pem file is being found and read? I've checked phpinfo() and there is no mention of it in there. Should it say somewhere which, if any cacert.pem it's using?

Thanks!

Megan Speir
  • 3,745
  • 1
  • 15
  • 25
jd182
  • 3,180
  • 6
  • 21
  • 30
  • I am at the exact same point. Have configured cacert.pem in my php.ini - verified that it is loaded by echo ini_get('curl.cainfo'); which gave the correct path. Still: Twilio does not want to talk with my WAMP installation. Did you got any further with that? – hbit Apr 03 '15 at 20:47
  • 1
    In the end I had to use `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);`. I know that's a dirty fix, but i'm only using it in development. My production server is using SSL without any problems. – jd182 Apr 07 '15 at 09:25
  • Thank you for your feedback. Same thing for me actually - I could not make the problem disappear on Windows / WAMP. On my linux production environment everyhing is working wih certificate checking activated. – hbit Apr 07 '15 at 14:00

9 Answers9

56

I had the exact same issue

Follow these steps:

Download the following file - cacert.pem

Then download the following file - thawte_Premium_Server_CA.pem

Open the second file in a text editor and copy its contents into the first file (cacert.pem at the bottom/end).

Save cacert.pem and add the following lines to your php.ini :

[curl]
curl.cainfo=c:/xampp/php/cacert.pem

Obviously change the directory to the one where your pem is located. Restart the php local server (xampp/wamp). Then it will work flawlessly.

thanks.

Shashanth
  • 4,995
  • 7
  • 41
  • 51
codemonkey
  • 700
  • 6
  • 12
9

Edit TinyHttp.php

and add CURLOPT_SSL_VERIFYPEER => FALSE, at $opts array

Nuno Ferro
  • 1,261
  • 12
  • 17
  • 4
    This means "don't check the certificate", and removes the MITM protection the certificates give you. I don't think this therefore fixes the problem. – halfer Jan 13 '16 at 08:35
  • 1
    @halfer, if you get a better solution tell me – Nuno Ferro Jan 18 '16 at 10:32
  • 1
    There's other solutions on this page that, at a quick glance, appear to point cURL to the correct certificates. – halfer Jan 18 '16 at 10:39
  • 2
    Worked for me, I edited Http/CurlClient.php at line 108 and added `CURLOPT_SSL_VERIFYPEER => FALSE,`. I don't want to add the certificate because then if its absent on server I have to edit php.ini to point to the certificate which becomes complex sometimes based on hosting. – shivgre May 30 '17 at 07:26
4

Instead of hacking tiny_http.php, you can add your own cURL options by calling Twilio's CurlClient constructor with your chosen options, like:

    $client = new \Twilio\Rest\Client($accountSid, $authToken);
    $curlOptions = [ CURLOPT_SSL_VERIFYHOST => false, CURLOPT_SSL_VERIFYPEER => false];
    $client->setHttpClient(new CurlClient($curlOptions));

    try {
        $call = $client->calls->create($from_phone, $phone_number, $callback_url);
        print 'Call queued with Twilio';
    } catch (\Exception $ex) {
        print 'Twilio error: ' . $ex->getMessage();
    }
user3511370
  • 41
  • 2
3

I'm not using Twilio, but I am on Windows and was having the exact problems described in the OP. I resolved this by downloading the ca-bundle.crt file from this page and pointing my php.ini to it: http://curl.haxx.se/docs/caextract.html

gazareth
  • 1,135
  • 10
  • 26
1

In my case, the cacert.pem from the download link above didn't work for me but the cacert.pem from previous twilio php library package such as 3.12.5 worked. I modified twilio.php in newer package to add the following two lines

CURLOPT_CAINFO => dirname(FILE) . '/cacert.pem'
'cafile' => dirname(FILE) . '/cacert.pem'

to the corresponding location as older package and copied the cacert.pem to newer package as well.

Nathan Tuggy
  • 2,237
  • 27
  • 30
  • 38
leshan
  • 11
  • 1
  • Link to such a previous package? – Nathan Tuggy Apr 20 '15 at 02:18
  • I modified twilio.php in newer package to add the following two lines CURLOPT_CAINFO => dirname(__FILE__) . '/cacert.pem', and 'cafile' => dirname(__FILE__) . '/cacert.pem', to the corresponding location as older package and copied the cacert.pem to newer package as well. – leshan Apr 20 '15 at 15:29
  • Comments tend to be poor at expressing code, and are generally temporary, so while I've updated the answer to match, there might be some glitches; please double-check that the answer makes sense. – Nathan Tuggy Apr 20 '15 at 16:45
0

For me, none of the answers posted here worked.

But then I upgraded my PHP to 7.0.1*, and I no longer had this error: Services_Twilio_TinyHttpException: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL.

*(C:\wamp\bin\php\php-7.0.1-Win32-VC14-x64 instead of C:\wamp\bin\php\php5.4.3)

And my C:\wamp\bin\php\php-7.0.1-Win32-VC14-x64\php.ini had already included curl.cainfo=C:/wamp/cacert.pem.

Ryan
  • 22,332
  • 31
  • 176
  • 357
0

Here is the official answer from Twilio:

To try fixing this issue please try to do the following:

1 Download the following pem file: https://twilio.zendesk.com/attachments/token/EenviU5Rv4KHUzGM6VP5UijB0/?name=cacert.pem

2 Copy this file to either c:\cert\cacert.pem (Windows) or any other path on your Unix/ Linux / Mac installation

3 Open php.ini file in your favorite editor

If the following configuration string: curl.cainfo exists in your php.ini, please uncomment it by removing ";" and modify the path in order to point it to the cacert.pem file attached to this e-mail, e.g:

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

curl.cainfo=c:\cert\cacert.pem

5 Please restart your Apache service to apply the change (very important!)

Sandeep
  • 1,504
  • 7
  • 22
  • 32
Jonathan
  • 1
0

Adding this answert because nobody is mentioning the [ini-tag]

php.ini

[curl]
curl.cainfo=C:\cacert.pem

cacert.pem is downloaded here: https://twilio.zendesk.com/attachments/token/EenviU5Rv4KHUzGM6VP5UijB0/?name=cacert.pem

Jonathan
  • 6,741
  • 7
  • 52
  • 69
-1

I am having the same issue, But I been looking into the article maybe it helps you. http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/

Look into your cURL version. you must be in 7.4x

coco minion
  • 123
  • 2
  • 15
  • I think jd182 has considered all of that if you read what he tried and hwat he is asking for exactly. – hbit Apr 03 '15 at 20:49