slim12kg's avatar

cURL error 60: SSL certificate problem: unable to get local issuer certificate

I just installed mandrill and tried sending a message using the Maill::Send function but i get the error ": cURL error 60: SSL certificate problem: unable to get local issuer certificate". I actually thought it was a problem with curl not on my windows, so i installed curl and a certificated, yet it persist. Any idea what might be the problem?

0 likes
83 replies
nolros's avatar

Assuming there are no issues with your code, it could be your firewall. Try disabling your firewall to test.

1 like
hackernewbie's avatar

@nolros Bingo, disabling my AVG anti-virus did it.

However, it's quiet surprising because, on the same system and after creating many new laravel projects, I have never had to do that!

bashy's avatar

You can ignore that warning and give cURL the -k or --insecure param to omit that message.

It's just because it's trying to connect to HTTPS and doesn't have the cert to verify it.

7 likes
bashy's avatar

Could be due to firewall as nolros said, have you tried that?

Guess you can't add those params on Mail class stuff.

wolfiezero's avatar

I'm getting this using Guzzle POSTing to a HTTPS address from my local Homestead VM.

Am I right in thinking I need to make a certificate type file? I've only looked into this issue in the last hour so very rusty!

bashy's avatar

Just had a thought, I add Google for my DNS so it could be the default local blocking you from doing it.

sudo nano /etc/resolvconf/resolv.conf.d/base

Add in this

# Google
nameserver 8.8.8.8
nameserver 8.8.4.4

Then to update the /etc/resolv.conf file, run this

sudo resolvconf -u
null05's avatar

Solution:

Make sure that you have "guzzlehttp/guzzle": "~4.0". It has to be THIS particular version. Can't be higher.

I installed mine using composer require guzzlehttp/guzzle and it installed version 5.2. Which cause it not to send emails. Correcting composer.json and running "composer update" fixed it straight away.

5 likes
Sven0188's avatar

I had the exact same but on Windows & xampp. My solution was as simple as: Follow this link: http://curl.haxx.se/ca/cacert.pem Copy the entire page and save it in a: "cacert.pem"

Then in your php.ini file insert or edit the following line: curl.cainfo = "[pathtothisfile]\cacert.pem"

Problem solved

83 likes
bashy's avatar

It's related to cURL not being able to get the above file. Providing it solves it but it's better to fix the main problem.

ahmedsoliman's avatar

@Sven0188

Dear,

First thanks, I try to do it with putting the line curl.cainfo = "[pathtothisfile]\cacert.pem" in a helper file and load this helper in a composer, but i want to know what is the pathtothisfile ? and where can i put the "cacert.pem" file exactly

Thanks

sitesense's avatar

I don't know how you are using Guzzle or how it's called within your program but you could try the options below if you can access the Guzzle instance:

// disable cert verification
$guzzle->setDefaultOption('verify', false);

// use a cert
$guzzle->setDefaultOption('verify', '/path/to/cacert.pem');

Where to store the cert? Well it doesn't really matter - maybe /resources/assets/?

5 likes
Sven0188's avatar

@Moez

This is where I have put the pem file exactly: D:\xampp\php\extras\ssl

In other words under your PHP\extras\ssl folder. I am using XAMP as PHP stack.

Hope it helps

4 likes
GeoffGordon's avatar

I just spent a number of hours grappling with this. The correct answer is indeed to put the cacert.pem file and amend the php.ini file to match as suggested by Moez above. ..... but I kept on getting CURL error 60's The trick was getting a clean copy of the PEM file! Any method involving windows notepad or other editors corrupts the file and gives the cURL error 60 etc. Finally I found https://gist.github.com/VersatilityWerks/5719158/download and downloaded a tar file with a clean copy of the cacert.pem file ...... it then all worked perfectly.

Hope this saves others time.

26 likes
SachinAgarwal's avatar

@GeoffGordon That is just a workaround I say. Because there is no such error with Guzzle 4. When we use Guzzle 4 it do not throw such error but for Guzzle 5 it throws.

bashy's avatar

It's probably how Guzzle 4/5 handle the command used with cURL. I haven't looked at the code but maybe it ignores SSL certs...

JapSeyz's avatar

Anyone figured this out? I am not sure how to access the Guzzle instance.

stickman373's avatar

This worked for me:

"Solution:

Make sure that you have "guzzlehttp/guzzle": "~4.0". It has to be THIS particular version. Can't be higher.

I installed mine using composer require guzzlehttp/guzzle and it installed version 5.2. Which cause it not to send emails. Correcting composer.json and running "composer update" fixed it straight away."

1 like
lihaibh's avatar

When downgrade to "guzzlehttp/guzzle": "~4.0" it really solved the problem.

wahidsherief's avatar

hi, i am also facing 'cURL Error # 60: SSL certificate problem: unable to get local issuer certificate' problem while implementing oauth-5 login with yahoo in my laravel 5.1 project. i tried above and but still having problem. pls pay ur kind attention. Thanks in advance .

abdullahnaseer's avatar

Use "guzzlehttp/guzzle": "~5.3|~6.0" in composer.json file after adding carcet.pem fileinfo in php.ini. Not use require command for guzzlehttp/guzzle. After it, if it throws another error that it cant load one of the symfony library. so i manually add this "symfony/psr-http-message-bridge": "^0.2.0". It works for me.

xelha110's avatar

Well I'm using windows 10, and I solved this particular problem , just editing the composer.json using the version 4.0

I tried with the 6.0 and the 5.0 but it doesnt work at all, so the quicker solution is just copy and paste

"guzzlehttp/guzzle": "~4.0" and on the command line write: composer update, and it should work.

Cheers.

jokamjohn's avatar

i have tried everything mentioned above but i still get the same error. i am using socialite for facebook authentication. some help thanks.

barkingsand22's avatar

I had the same problem. I changed my guzzlehttp/guzzle entry to: "guzzlehttp/guzzle": "~4.0", and I performed a "composer update", and it worked! Thanks for the help all!

layer7's avatar

Just a bit of background on this 'issue' for the people who want to understand what's going on.

As far as I can tell from their GitHub repos, Guzzle used to provide a cacert.pem, but they don't seem to do that anymore. Now, on Windows libcurl (which is used to drive the curl extension for PHP) can't access Windows's certificate store. It needs this information however to check if the SSL certificates provided on https:// URL's are valid. cacert.pem basically contains a dump of the most well-known certificate authorities, these are the companies giving out commercial SSL certificates. So if curl/libcurl/guzzle/... doesn't have any list of valid certificate issuers that it can trust, it will just tell you everything is untrusted. On Linux and Mac, curl/libcurl is usually configured correctly to use the system-provided list in /etc/ssl/certs/ca-certificates.crt

In short: the "right" way to handle this issue is to provide the cacert.pem, not downgrading your software. Keep in mind that this file updates once every while. Check here to get the latest version: https://github.com/bagder/ca-bundle or create your own using the link provided in the README for ca-bundle.

7 likes
Afaceri's avatar

I had the same problem when I tried to make an app with Facebook login so the solution was that:

  1. changed the composer file composer.json to look like

"require": { "php": ">=5.5.9", "laravel/framework": "5.1.*", "laravel/socialite": "^2.0", "guzzlehttp/guzzle": "~4.0" },

  1. in command line type: composer update

I hope that you can use that...

Next

Please or to participate in this conversation.