Yes, I've seen the many questions about this; in fact, I already had this problem and solved it last year. This time, for some reason, the solution (adding https://curl.haxx.se/ca/cacert.pem) doesn't work.
The server (my company's) is a node.js app. I registered the server private key, server crt, and the root and intermediate certificates (I think?); the names are DigiCertCA.crt and TrustedRoot.crt. The client is a PHP script making a cURL connection. It had been working fine after I added cacert.pem to php.ini. Recently my company renewed the SSL certificates, and around the same time the client PHP script (another company's) was moved to a production server from dev. Then the SSL broke again.
The website looks fine when opened with Chrome (secure https, not broken). Here is the PHP script, simplified to demonstrate the problem. I tried adding the cacert.pem both through php.ini and curl_setopt, with no success. This is running on my local development machine, Windows 10 with xampp 5.6.3.
    <?php
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://example.com');
    // CA bundle used to verify the server's certificate chain
    curl_setopt($ch, CURLOPT_CAINFO, 'D:/xampp/php/extras/ssl/cacert.pem');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 3);
    $content = trim(curl_exec($ch));
    // On failure, report the cURL error number and message instead of the body
    if (curl_errno($ch)) {
        $content = 'ERROR -> ' . curl_errno($ch) . ': ' . curl_error($ch);
    }
    curl_close($ch);
    print $content;
Error message:
60: SSL certificate problem: unable to get local issuer certificate
Additional info:
The error message for the production PHP script is actually different; there it says
curl: (60) Peer's Certificate issuer is not recognized.
I also tried using curl to access other subdomains using my company's certificates and they all give the same error 60, while accessing https://twitter.com is OK.