Laravel Homestead : How to fix 'cURL error 60: SSL certificate problem'

Question

I'm setting up a new Laravel 5.8 Homestead with VirtualBox, everything is ok except curl that gets me an

'cURL error 60: SSL certificate problem'

when using Guzzle client. (I do not want to ignore ssl)

Any idea? Thanks a lot

I tried to replace:

curl.cainfo = /etc/ssl/certs/ca-certificates.crt 

by

curl.cainfo = /etc/ssl/certs/cacert.pem

downloaded from https://curl.haxx.se/ca/cacert.pem

in /etc/php/7.3/fpm/php.ini (and also 7.1, 7.2)

Answer 1

Ok, the problem seems solved. For those who have the same problem:

When you try to curl your own local websites over https, curl verifies that the certificate exists in /etc/ssl/certs/ca-certificates.crt, obviously it does not exist.

You have to open the certificate file generated by your Homestead.yaml with vim (or cat) located in:

/etc/nginx/ssl/ca.homestead.homestead.crt

and copy the contents at the end of the default ca-certificate.crt located in

/etc/ssl/certs/ca-certificates.crt 

It's quite normal that the default ca-certificates.crt does not contain your personal certificates.

That's all !

Answer 2

Check if website is not using custom ssl certificate.

Try to open the certificates in chrome and exported all certificates and add them to a custom custom.pem

Then using it with Guzzle this way:

$client = new Guzzle\Http\Client();
$client->setDefaultOption('verify', '/path/to/custom.pem');

Now it might work!

You can also download a certificate with the openssl command , but I my case it wasn't the right certificate. So I had to download them manually.

Hope this helps!

For more you can visit this issue

Answer 3

1. make sure your Homestead.yaml contains ssl: true at root level
2. vagrant ssh
3. cd /etc/nginx/ssl
4. delete all cert files with sudo rm ca.homestead.homestead.* - or just move them to a temporary folder you can create on /etc/nginx/ssl
5. exit vagrant, and try vagrant provision - it will generate new cert files.
6. repeat steps 1 and 2
7. cp ca.homestead.homestead.crt /home/vagrant/your-shared-directory - For example, if in your Homestead configuration you have mapped C:/username /home/vagrant/projects , you should find the ca.homestead.homestead.crt into C:/projects .
8. Open your browser settings - chrome://settings for Chrome or about:preferences#privacy for Firefox
9. find Manage / View Certificates
10. Click Import and browse for the certificate you just copied from your virtual machine on to your local machine
11. Under the section labelled Place all certificates in the following store , find and select Trust Root Certification Authorities .
12. Restart your web browser

If even after this procedure the error persists, but you can see a little padlock like and your web application is constantly accessing some API, you may need to check if this API has a valid certification.

If this API cert is OK, you should check if your web application .env file for example is pointing the this API using https:// or http:// something like API_URL=http://api.test . Just edit it and try again.