I'm setting up a new Laravel 5.8 Homestead with VirtualBox, everything is ok except curl
that gets me an
'cURL error 60: SSL certificate problem'
when using Guzzle client. (I do not want to ignore ssl)
Any idea? Thanks a lot
I tried to replace:
curl.cainfo = /etc/ssl/certs/ca-certificates.crt
by
curl.cainfo = /etc/ssl/certs/cacert.pem
downloaded from https://curl.haxx.se/ca/cacert.pem
in /etc/php/7.3/fpm/php.ini (and also 7.1, 7.2)
Ok, the problem seems solved. For those who have the same problem:
When you try to curl your own local websites over https, curl verifies that the certificate exists in /etc/ssl/certs/ca-certificates.crt, obviously it does not exist.
You have to open the certificate file generated by your Homestead.yaml with vim (or cat) located in:
/etc/nginx/ssl/ca.homestead.homestead.crt
and copy the contents at the end of the default ca-certificate.crt located in
/etc/ssl/certs/ca-certificates.crt
It's quite normal that the default ca-certificates.crt does not contain your personal certificates.
That's all !
Check if website is not using custom ssl certificate.
Try to open the certificates in chrome and exported all certificates and add them to a custom custom.pem
Then using it with Guzzle this way:
$client = new Guzzle\Http\Client();
$client->setDefaultOption('verify', '/path/to/custom.pem');
Now it might work!
You can also download a certificate with the openssl command , but I my case it wasn't the right certificate. So I had to download them manually.
Hope this helps!
For more you can visit this issue
Homestead.yaml
contains ssl: true
at root levelvagrant ssh
cd /etc/nginx/ssl
sudo rm ca.homestead.homestead.*
- or just move them to a temporary folder you can create on /etc/nginx/ssl
vagrant provision
- it will generate new cert files.cp ca.homestead.homestead.crt /home/vagrant/your-shared-directory
- For example, if in your Homestead configuration you have mapped C:/username /home/vagrant/projects
, you should find the ca.homestead.homestead.crt
into C:/projects
. chrome://settings
for Chrome or about:preferences#privacy
for FirefoxIf even after this procedure the error persists, but you can see a little padlock like and your web application is constantly accessing some API, you may need to check if this API has a valid certification.
If this API cert is OK, you should check if your web application .env
file for example is pointing the this API using https://
or http://
something like API_URL=http://api.test
. Just edit it and try again.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.