Composer error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Question

While attempting to clean up our project dependencies, composer is failing with the errors:

The "https://packagist.drupal-composer.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
https://packagist.drupal-composer.org could not be fully loaded, package information was loaded from the local cache and may be out of date 

This is happening on a vagrant CentOS 7 box.

Answer 1

I found one answer that recommended to download the Mozilla CA certificate store and ensuring that openssl.cafile is set in php.ini but that didn't work for me.

I ran wget -v https://packagist.drupal-composer.org/packages.json to see what it returned from both my local machine (it worked correctly) and the vagrant box. The output on the vagrant box was:

--2016-04-24 09:08:30--  https://packagist.drupal-composer.org/packages.json
Resolving packagist.drupal-composer.org... 147.75.205.69
Connecting to packagist.drupal-composer.org|147.75.205.69|:443... connected.
ERROR: cannot verify packagist.drupal-composer.org's certificate, issued by "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3":
  Issued certificate not yet valid.
To connect to packagist.drupal-composer.org insecurely, use '--no-check-certificate'.

It seemed strange to me that the certificate was coming back as not yet valid, until I realized that the date in the output was off by 2 days (today is 04-26, not 04-24). After fixing the system clock I retried and was able to download all the dependencies.