0

A few days ago our service stopped being able to make HTTPS requests to a certain host, however all other hosts are fine. This is confusing me because from what I've read elsewhere about this error, it's the fault of incorrect/invalid certificates on the sending server - in which case, shouldn't all requests be failing, not just requests to one specific host?

Is it possible for this error to be a misconfiguration on the receiving server and out of our hands, or is it always caused by something on the sender's side? Otherwise what could be making only requests to one host fail? Especially as to my knowledge nothing changed in either our code or our infrastructure for it to suddenly stop working, I'd really like to isolate whether this our fault or the receiver's.

For context we are making the request via Guzzle 6.4.1 and PHP 7.2.34, although I think it's specifically cURL that's the problem? The error message in the exception is cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

callum
  • 57
  • 6
  • Does this answer your question? [cURL error 60: SSL certificate: unable to get local issuer certificate](https://stackoverflow.com/questions/29822686/curl-error-60-ssl-certificate-unable-to-get-local-issuer-certificate) – Markus Zeller Jul 06 '22 at 11:47
  • Not specifically really. I'm particularly wondering about whether this is definitely something to be solved on our side or if the problem lies with the receiving server, and if the former, then the technical reasons behind why only this site is a problem, as under my current understanding of things that seems really bizarre – callum Jul 06 '22 at 11:59
  • 1
    Are you sure your cacert file is up to date? Sometimes there is an expired certificate there and the keychain is not validated. In such case, only the hosts with a keychain that include the expired certificate will fail. – Eineki Jul 06 '22 at 12:11

0 Answers0