Question

Getting error 60 when using cURL against my new site

Posted April 4, 2019 4.3k views
UbuntuLinux Commands

I cannot use cURL against my new site, which is causing WordPress issues. Server is Ubuntu 18.04. Certificate came from CloudFlare and I get an A+ on SSLLabs. It is installed and functional in the web server. I downloaded the latest curl-cacert.pem and verified the file integrity with shasum.

Using cURL on a Ubuntu 16.04 server (at another provider) works fine.

The error message suggests checking https://curl.haxx.se/docs/sslcerts.html but I did not find my answer there. They suggested the –cacert flag but that makes no difference.

I already have installed the ca-certificates package and it is the latest version.

strace suggests some missing certificate files but I’m not sure how to rectify that. I tried symlinking various files into the place of the missing file but no gold.

What should I try next?

root@web01:~# curl https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# cd /etc/ssl/certs/; wget https://curl.haxx.se/ca/cacert.pem.sha256; shasum -c cacert.pem.sha256; rm -f cacert.pem.sha256; cd
--2019-04-04 05:15:49--  https://curl.haxx.se/ca/cacert.pem.sha256
Resolving curl.haxx.se (curl.haxx.se)... 151.101.22.49, 2a04:4e42:5::561
Connecting to curl.haxx.se (curl.haxx.se)|151.101.22.49|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 77 [application/x-pem-file]
Saving to: ‘cacert.pem.sha256’

cacert.pem.sha256                                              100%[=================================================================================================================================================>]      77  --.-KB/s    in 0s

2019-04-04 05:15:49 (6.35 MB/s) - ‘cacert.pem.sha256’ saved [77/77]

cacert.pem: OK
root@web01:~# curl --cacert /etc/ssl/certs/curl.cacert.pem https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# curl --cacert /etc/ssl/certs/ca-certificates.crt https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# curl --cacert /etc/ssl/certs/securecoop.com.pem https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# apt-get install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20180409).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@web01:~# strace -o curl.log curl https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# grep "No such file" curl.log | grep "/etc/ssl/"
stat("/etc/ssl/certs/d947dbd7.0", 0x7ffd70bfeff0) = -1 ENOENT (No such file or directory)
stat("/etc/ssl/certs/d947dbd7.0", 0x7ffd70bfeff0) = -1 ENOENT (No such file or directory)
root@web01:~# ln -s /etc/ssl/certs/securecoop.com.pem /etc/ssl/certs/d947dbd7.0
root@web01:~# curl https://securecoop.com/
curl: (35) error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
root@web01:~# rm -f /etc/ssl/certs/d947dbd7.0
root@web01:~# ln -s /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/d947dbd7.0
root@web01:~# curl https://securecoop.com/
curl: (35) error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
root@web01:~# rm -f /etc/ssl/certs/d947dbd7.0
root@web01:~# ln -s /etc/ssl/certs/curl.cacert.pem /etc/ssl/certs/d947dbd7.0
root@web01:~# curl https://securecoop.com/
curl: (35) error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
root@web01:~# rm -f /etc/ssl/certs/d947dbd7.0
root@web01:~#
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

My misconfiguration. I had placed the IP of my server in /etc/hosts as the domain name; but I was using CloudFlare and cURL was confused by the IP. Commented out this in /etc/hosts and all is well.

1.2.3.4 securecoop.com

Submit an Answer