I'm having an issue with a new SSL certificate from GoDaddy, here's my code:

```php
<?php
$url = "https://myurl.com";
$ch = curl_init($url);

$certificate_location = "ca-bundle.crt"; // modify this line accordingly (may need to be absolute)
curl_setopt($ch, CURLOPT_CAINFO, $certificate_location);
curl_setopt($ch, CURLOPT_CAPATH, $certificate_location);

curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_FORBID_REUSE, TRUE);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);

$result = curl_exec($ch);
$errtext = curl_error($ch);
$errnum = curl_errno($ch);

var_dump($result);
var_dump($errtext);
var_dump($errnum);
```

This results in error 60, which is `SSL certificate problem: unable to get local issuer certificate`.

I've tried grabbing the latest CA certificates extracted from Mozilla and pointing cURL to use them, but nothing works. Any ideas?

Broshi
  • There is no URL given to reproduce the error which makes it hard to help. If you get the error with domains like google.com then there is likely something wrong with your `ca-bundle.crt`. If you get this error only for a specific domain then it is likely a misconfiguration of the domain, typically missing chain certificates. – Steffen Ullrich Jul 04 '19 at 20:18
  • @SteffenUllrich I can't share the original URL, but when I try another URL (also with a GoDaddy SSL cert) I get another error: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dan.co.il:443 – Broshi Jul 04 '19 at 20:21
  • Make sure that `CURLOPT_CAINFO` and `CURLOPT_CAPATH` are absolute paths and not relative paths. – odan Jul 04 '19 at 20:33
  • Possible duplicate: https://stackoverflow.com/a/32095378/1839439 – Dharman Jul 04 '19 at 20:37
  • @odan I did use an absolute path, didn't help. – Broshi Jul 04 '19 at 20:39
  • @Dharman tried that too, didn't help. – Broshi Jul 04 '19 at 20:40
  • Why do you use the same value for CURLOPT_CAINFO and CURLOPT_CAPATH? - CURLOPT_CAPATH - specify directory holding CA certificates - CURLOPT_CAINFO - path to Certificate Authority (CA) bundle – odan Jul 04 '19 at 20:49
  • @odan Just a sample I saw, doesn't really matter since even with CAFILE set it doesn't work – Broshi Jul 04 '19 at 21:02
  • @Broshi: the other domain (dan.co.il) has a configuration which is broken in many ways - see the [report from SSLLabs](https://www.ssllabs.com/ssltest/analyze.html?d=dan.co.il). I recommend that you check your setup against SSLLabs too. – Steffen Ullrich Jul 04 '19 at 21:20

1 Answer

Replace the below line of the curl call

```php
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
```

to

```php
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
```

`CURLOPT_SSL_VERIFYPEER`: This option tells cURL to verify the authenticity of the SSL cert on the server.

If you want to verify the peer, then:

1) Enable mod_ssl in Apache and php_openssl.dll in php.ini.
2) Add these lines for your cert to the php.ini file, with the path:

```ini
curl.cainfo="yourpath/cacert.pem"
openssl.cafile="yourpath/cacert.pem"
```

3) Restart the server.

Suraj15689
  • 29
  • 4
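
An added example, not part of the question or the answer: a PHP diagnostic for error 60 that keeps peer verification enabled, following the comments' points that `CURLOPT_CAINFO` takes a bundle file and that a missing chain certificate is the typical cause. `$host` and `$bundle` are placeholder values (assumptions), not values from this thread.

```php
<?php
// Added example: the two values below are assumptions, not from the question.
$host   = "example.com";               // hypothetical host to diagnose
$bundle = "/etc/ssl/certs/cacert.pem"; // hypothetical absolute path to a CA bundle FILE

// 1. CURLOPT_CAINFO needs a readable PEM file, not a directory.
if (!is_file($bundle) || !is_readable($bundle)) {
    exit("CA bundle is not a readable file: $bundle\n");
}
$roots = substr_count(file_get_contents($bundle), "-----BEGIN CERTIFICATE-----");
echo "CA bundle contains $roots certificates\n";

// 2. List the chain the server sends. Verification is off on this inspection
//    socket only, so a broken chain can still be read; no request is sent on it.
$ctx = stream_context_create(["ssl" => [
    "capture_peer_cert_chain" => true,
    "peer_name"        => $host,
    "verify_peer"      => false,
    "verify_peer_name" => false,
]]);
$sock = stream_socket_client("ssl://$host:443", $errno, $errstr, 5,
                             STREAM_CLIENT_CONNECT, $ctx);
if ($sock === false) {
    exit("TLS connection failed before any certificate check: $errstr\n");
}
$chain = stream_context_get_params($sock)["options"]["ssl"]["peer_certificate_chain"];
foreach ($chain as $i => $cert) {
    $info = openssl_x509_parse($cert);
    printf("[%d] subject CN=%s | issuer CN=%s\n", $i,
           $info["subject"]["CN"] ?? "?", $info["issuer"]["CN"] ?? "?");
}
fclose($sock);
if (count($chain) < 2) {
    echo "Server sends only its leaf certificate: the intermediate is missing, "
       . "which a root-only bundle reports as error 60.\n";
}

// 3. The real request, with peer and host name verification left on.
$ch = curl_init("https://$host/");
curl_setopt($ch, CURLOPT_CAINFO, $bundle);      // bundle file only; CAPATH not set
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$ok = curl_exec($ch) !== false;
printf("curl: %s (errno %d) %s\n", $ok ? "verified" : "failed",
       curl_errno($ch), curl_error($ch));
```

If step 2 lists only the leaf certificate, the fix belongs on the server: install the CA's intermediate certificates alongside the leaf so clients receive the full chain.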