35

While executing composer install/update I have got the following error from openssl:

The "https://packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Failed to enable crypto failed to open stream: operation failed https://packagist.org could not be fully loaded, package information was loaded from the local cache and may be out of date

I am using:

  1. PHP 5.6.3 (cli) (built: Nov 17 2014 15:16:53)
  2. XAMPP stack 5.6.3-0
  3. ubuntu 14.04

composer diag shows:

Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity: FAIL
[Composer\Downloader\TransportException] The "https://packagist.org/packages.json"  file  could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Checking disk free space: OK
Checking composer version: 

[Composer\Downloader\TransportException]
The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed

php -r 'var_dump(openssl_get_cert_locations());' shows:

array(8) {
["default_cert_file"]=>
string(33) "/opt/lampp/share/openssl/cert.pem"
["default_cert_file_env"]=>
string(13) "SSL_CERT_FILE"
["default_cert_dir"]=>
string(30) "/opt/lampp/share/openssl/certs"
["default_cert_dir_env"]=>
string(12) "SSL_CERT_DIR"
["default_private_dir"]=>
string(32) "/opt/lampp/share/openssl/private"
["default_default_cert_area"]=>
string(24) "/opt/lampp/share/openssl"
["ini_cafile"]=>
string(0) ""
["ini_capath"]=>
string(0) ""
}

For php 5.5.19 everything is Ok.

yuklia

12 Answers

32

I found a solution to this

I'm running:
FreeBSD 10.1
Apache2.4
PHP 5.6.3

To find the CA file I ran this command

> locate cacert.pem

Result was:
/usr/local/lib/perl5/site_perl/5.16/Mozilla/CA/cacert.pem

Then open the php.ini file and
change this:

;openssl.cafile=

To this:

openssl.cafile=/usr/local/lib/perl5/site_perl/5.16/Mozilla/CA/cacert.pem

Note: This directive is only available on php 5.6.x

Then restart Apache

Manuel Ochoa
12

I solved the problem with the SSL error by adding the SSL certificate to the XAMPP certificates folder.

# navigate to a directory to save the certificate
cd /Downloads

# download a certificate
wget http://curl.haxx.se/ca/cacert.pem

# rename and move the file to the XAMPP certificates folder
mv cacert.pem /Applications/XAMPP/xamppfiles/share/openssl/cert.pem

Don't forget to restart your apache!

teynon
kipzes
  • 2
    Thank you! For information, on Linux the path is: sudo mv cacert.pem /opt/lampp/share/openssl/cert.pem – Ronald Araújo Oct 03 '15 at 14:22
  • To find the location the following can be used: `php -r "print_r(openssl_get_cert_locations());"` (look for the value of `default_cert_file`.). – Potherca Feb 28 '18 at 09:23
12

I am using Mac OS Sierra and when I was trying to update the composer using the command /usr/local/bin/composer self-update I kept getting the error:

[Composer\Downloader\TransportException]                                                          
  The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed with co  
  de 1. OpenSSL Error messages:                                                                     
  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed                 
  Failed to enable crypto                                                                           
  failed to open stream: operation failed  

I fixed it following these steps:

1) Create the local database using the command:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.locate.plist

2) Locate the cert file:

locate cacert.pem 

3) Check the location of the php.ini file:

php --ini

4) If the 'Loaded Configuration File' for php.ini file is showing as (none), copy the file /etc/php.ini.default to /etc/php.ini:

sudo cp /etc/php.ini.default /etc/php.ini

5) Open the php.ini file and edit the ;openssl.cafile= line by uncommenting it and appending the link to the cert file location:

openssl.cafile=/Users/me/.composer/cacert.pem

That's it. Now, when you run composer update, it will work fine.

Neel
7

I ran into the same exact issue on Windows, even after adding the latest valid downloaded certificate. I'm running Composer behind a proxy, so I have to add the environment variables http_proxy and https_proxy.

My environment: PHP 5.6.33 Windows 7 64 bit Composer version 1.6.3 2018-01-31 16:28:17

I downloaded the latest CA certificate bundle and updated the following paths in my php.ini, but it still didn't work.

curl.cainfo = C:\Certificates\ca-bundle.crt
openssl.cafile= C:\Certificates\ca-bundle.crt
openssl.capath=C:\Certificates

Then I did the following steps:

1) Open the Chrome browser and navigate to https://packagist.org/

2) Click on the little Secure lock icon

3) Click on Certificates Valid

4) Open the Certificate Path tab and you will see the following path levels

5) You need to export the certificate for both 1 and 2 marked in the image

6) To export a certificate, click on View Certificate, go to the Details tab and click on Copy to File

7) Choose Base 64 encoding

8) Click on Next and save that file to a location. Do this for No. (2) shown in step 4

9) Open the .cer file and copy its content to the end of the .crt file which you configured in php.ini

Then try running composer install. It worked for me.

The process should be the same if you see Composer throwing an SSL error when accessing sites over a proxy.

Praveen Govind
6

Adding openssl.cafile to php.ini worked for me too. Instead of looking for the cert file, I downloaded it directly:

curl http://curl.haxx.se/ca/cacert.pem > cacert.pem

and then just pointed openssl.cafile setting to it.

phoenix
  • It is a security issue to download from an insecure source (http) to root certificates. Only amateurs do that and then they get hacked. – Daniel W. Oct 24 '16 at 16:26
  • 1
    @Kwadz use the https link instead, put the file onto your server via SSH/SFTP/SCP. – Daniel W. Jun 13 '18 at 15:49
5

1.

php -r "print_r(openssl_get_cert_locations());"
array(8) {
  ["default_cert_file"]=>
  string(31) "/usr/local/etc/openssl/cert.pem"
  ...
}

2. vim php.ini

[openssl]
openssl.cafile=/usr/local/etc/openssl/cert.pem
shengji yin
2
composer clearcache

This worked for me when I got the error:

https://packagist.org could not be fully loaded, package information was loaded from the local cache and may be out of date

Syscall
sim
  • Now I get the following error: `curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: unable to get local issuer certificate`, how do I solve it? – Pathros Feb 08 '23 at 16:50
1

On the mac with XAMPP:

cd /Applications/XAMPP/xamppfiles/share/openssl

sudo curl -O -k http://curl.haxx.se/ca/cacert.pem

sudo mv cacert.pem cert.pem

Stop and Restart Apache

jww
1

First: Check the certificate file location, which is in the default_cert_file key. You will find it in openssl_get_cert_locations(), which is a PHP OpenSSL function. You can run it as follows:

$ php -r "print_r(openssl_get_cert_locations());"

Output in my system

    Array
    (
        [default_cert_file] => /opt/lampp/share/openssl/cert.pem
        [default_cert_file_env] => SSL_CERT_FILE
        [default_cert_dir] => /opt/lampp/share/openssl/certs
        [default_cert_dir_env] => SSL_CERT_DIR
        [default_private_dir] => /opt/lampp/share/openssl/private
        [default_default_cert_area] => /opt/lampp/share/openssl
        [ini_cafile] => 
        [ini_capath] => 
    )

Second: Download http://curl.haxx.se/ca/cacert.pem:

$ wget http://curl.haxx.se/ca/cacert.pem

Third: Copy certificate.pem file into default_cert_file location:

$ sudo mv cacert.pem /opt/lampp/share/openssl/cert.pem

** FROM https://github.com/composer/composer/issues/3346 **

Amanuel Nega
1

I would like to add a simple answer.

Your problem: The composer is unable to download dependency files due to an incorrect certificate, either it is corrupt, incorrect, or not in place at all.

Your potential easiest solution: Download a new certificate and tell Composer to use the new one.

Step 1: Get CA Certificate from https://curl.se/docs/caextract.html

Step 2: Use the following command to use the new certificate:

composer config --global cafile "<file_path_including_cacert.pem>"

halfer
Akash Varde
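A checked version of the download-and-install steps used in the answers above, as an added example that is not part of any answer: it compares the bundle with the SHA-256 file that curl.se publishes next to `cacert.pem`, rejects a file that contains no certificates, and only then replaces the target. The helper names and the demo paths are assumptions.

```shell
#!/bin/sh
# Added example: verify a CA bundle before PHP or Composer is pointed at it.
# Fetch both files over HTTPS first (not run here):
#   curl --fail -sSLO https://curl.se/ca/cacert.pem
#   curl --fail -sSLO https://curl.se/ca/cacert.pem.sha256

# sha256_of FILE: print the hex digest (GNU sha256sum, or shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_ca_bundle BUNDLE SHA256_FILE DEST (hypothetical helper)
# Returns 0 on success, 1 on digest mismatch, 2 if BUNDLE holds no PEM
# certificates, 3 if the copy fails.
install_ca_bundle() {
    bundle=$1; sumfile=$2; dest=$3
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha256_of "$bundle")
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "digest mismatch for $bundle, not installing" >&2
        return 1
    fi
    # An HTML error page or an empty file must never become the trust store.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then
        echo "no PEM certificates in $bundle" >&2
        return 2
    fi
    # Keep the previous store, then swap the new one in with a rename.
    if [ -f "$dest" ]; then cp -p "$dest" "$dest.bak" || return 3; fi
    cp "$bundle" "$dest.new" && mv "$dest.new" "$dest" || return 3
    echo "installed $count certificates to $dest"
}

# Constructed demo input: a one-entry stand-in bundle and its digest file.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
    '-----END CERTIFICATE-----' > "$demo/cacert.pem"
echo "$(sha256_of "$demo/cacert.pem")  cacert.pem" > "$demo/cacert.pem.sha256"
install_ca_bundle "$demo/cacert.pem" "$demo/cacert.pem.sha256" "$demo/cert.pem"
```

Once the file is in place, point PHP at it with `openssl.cafile=` in php.ini, or Composer alone with `composer config --global cafile`.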
0

For us, this issue only seemed to affect one of our private repositories. It may have had something to do with certs or a corporate firewall, but it seemed intermittent so we weren't able to confirm before we found a different fix.

Inside composer.json, we changed the repository URL from the https to the ssh variant and added the "no-api": true option:

"repositories": [
    {
      "type": "vcs",
      "url": "git@github.com:our-user/our-repo.git",
      "no-api": true
    }
]

With that edit, composer update/install operations were able to complete successfully.

Everett
0

Simply add this configuration to your composer.json file.

"config": {
"secure-http": false
}

Here is a full example of a working composer.json file

```
{
  "repositories": [{
    "type": "composer",
    "url": "http://packagist.org"
  }],
  "require": {
    "phpmailer/phpmailer": "^6.0"
  },
  "config": {
    "secure-http": false
  }
}
```
Leon
  • you never want to go the insecure route. You want to always fix the security errors, not brush them aside and ignore them. There is a reason for the error! – Danny F Oct 28 '21 at 13:25
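A repository check for the settings the last answer introduces, as an added example that is not from the answer: it reports `secure-http: false`, `disable-tls: true` and `http://` repository URLs in a composer.json so a build can fail on them. The function name is an assumption, and the line-based matching assumes each key and its value sit on one line.

```shell
#!/bin/sh
# Added example: flag Composer settings that switch off transport security.

# audit_composer_tls FILE (hypothetical helper)
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_composer_tls() {
    file=$1
    findings=$(
        grep -En '"secure-http"[[:space:]]*:[[:space:]]*false' "$file" |
            sed 's|^\([0-9]*\):.*|line \1: secure-http disabled, plain HTTP allowed|'
        grep -En '"disable-tls"[[:space:]]*:[[:space:]]*true' "$file" |
            sed 's|^\([0-9]*\):.*|line \1: disable-tls set, TLS switched off|'
        grep -En '"url"[[:space:]]*:[[:space:]]*"http://' "$file" |
            sed 's|^\([0-9]*\):.*|line \1: repository URL uses http://|'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the composer.json shown in the answer above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  "repositories": [{
    "type": "composer",
    "url": "http://packagist.org"
  }],
  "require": {
    "phpmailer/phpmailer": "^6.0"
  },
  "config": {
    "secure-http": false
  }
}
EOF
audit_composer_tls "$sample" || echo "insecure transport settings present"
```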