CURL has an error — SSL certificate problem: unable to get local issuer certificate

Home » Bug fixes » CURL has an error — SSL certificate problem: unable to get local issuer certificate
July 30, 2019 Bug fixes

Resolve cURL error

Problem: During site grab, used CURL and have warning message:

SSL certificate problem: unable to get local issuer certificate.

CURL has an error — SSL certificate problem: unable to get local issuer certificate

Solution: This problem arises because of misconfigured servers and errors of transfer certificates. Run all steps in Terminal (Ctrl + Alt + T).

Step 1. Run the command and don't forget replace www.yoursite.com on correct domain name of the site 🙂

openssl s_client -connect www.yoursite.com:443 

 CONNECTED(00000003)
    depth=0 OU = Domain Control Validated, CN = *.yoursite.com
    verify error:num=20:unable to get local issuer certificate // !A situation here!
    verify return:1
    depth=0 OU = Domain Control Validated, CN = *.yoursite.com
    verify error:num=21:unable to verify the first certificate // !A situation here!
    verify return:1
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/CN=*.yoursite.com
       i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2

Step 2. Go to address that we got in result execute previous command. In our case it's GoDaddy and download certificates (I downloaded 2 .pem and .crt):

GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 - gdig2.crt.pem, gdig2.crt

Step 3. Put the certificates to /etc/ssl/certs/ folder.

Step 4. Run rehash command:

c_rehash

That's all 🙂 To check that all right we can run command from first step and if all ok we'll get something like:

CONNECTED(00000003)
    depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
    verify return:1
    depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
    verify return:1
    depth=0 OU = Domain Control Validated, CN = *.yoursite.com
    verify return:1
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/CN=*.yoursite.com
       i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2

As we can see, errors not found and we can continue grab:

php -f grab.php

Related posts
Leave Comment

Your email address will not be published. Required fields are marked *