I cannot use cURL against my new site, which is causing WordPress issues. Server is Ubuntu 18.04. Certificate came from CloudFlare and I get an A+ on SSLLabs. It is installed and functional in the web server. I downloaded the latest curl-cacert.pem and verified the file integrity with shasum.
Using cURL on an Ubuntu 16.04 server (at another provider) works fine.
The error message suggests checking https://curl.haxx.se/docs/sslcerts.html but I did not find my answer there. They suggested the --cacert flag but that makes no difference.
I already have installed the ca-certificates package and it is the latest version.
strace suggests some missing certificate files but I’m not sure how to rectify that. I tried symlinking various files into the place of the missing file but no gold.
What should I try next?
root@web01:~# curl https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# cd /etc/ssl/certs/; wget https://curl.haxx.se/ca/cacert.pem.sha256; shasum -c cacert.pem.sha256; rm -f cacert.pem.sha256; cd
--2019-04-04 05:15:49-- https://curl.haxx.se/ca/cacert.pem.sha256
Resolving curl.haxx.se (curl.haxx.se)... 151.101.22.49, 2a04:4e42:5::561
Connecting to curl.haxx.se (curl.haxx.se)|151.101.22.49|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 77 [application/x-pem-file]
Saving to: ‘cacert.pem.sha256’
cacert.pem.sha256 100%[=================================================================================================================================================>] 77 --.-KB/s in 0s
2019-04-04 05:15:49 (6.35 MB/s) - ‘cacert.pem.sha256’ saved [77/77]
cacert.pem: OK
root@web01:~# curl --cacert /etc/ssl/certs/curl.cacert.pem https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# curl --cacert /etc/ssl/certs/ca-certificates.crt https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# curl --cacert /etc/ssl/certs/securecoop.com.pem https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# apt-get install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20180409).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@web01:~# strace -o curl.log curl https://securecoop.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@web01:~# grep "No such file" curl.log | grep "/etc/ssl/"
stat("/etc/ssl/certs/d947dbd7.0", 0x7ffd70bfeff0) = -1 ENOENT (No such file or directory)
stat("/etc/ssl/certs/d947dbd7.0", 0x7ffd70bfeff0) = -1 ENOENT (No such file or directory)
root@web01:~# ln -s /etc/ssl/certs/securecoop.com.pem /etc/ssl/certs/d947dbd7.0
root@web01:~# curl https://securecoop.com/
curl: (35) error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
root@web01:~# rm -f /etc/ssl/certs/d947dbd7.0
root@web01:~# ln -s /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/d947dbd7.0
root@web01:~# curl https://securecoop.com/
curl: (35) error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
root@web01:~# rm -f /etc/ssl/certs/d947dbd7.0
root@web01:~# ln -s /etc/ssl/certs/curl.cacert.pem /etc/ssl/certs/d947dbd7.0
root@web01:~# curl https://securecoop.com/
curl: (35) error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
root@web01:~# rm -f /etc/ssl/certs/d947dbd7.0
root@web01:~#
Accepted Answer
My misconfiguration. I had placed the IP of my server in /etc/hosts as the domain name, but I was using CloudFlare and cURL was confused by the IP. I commented this out in /etc/hosts and all is well.
#1.2.3.4 securecoop.com
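An added example, not part of the original answer: a hosts-file entry makes curl connect straight to the pinned address instead of the addresses DNS returns, so curl validates whatever certificate that server presents. The check below reports such pins; the function names, the sample hosts file and the 203.0.113.x DNS answers are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread). All names here are hypothetical.

# hosts_pins NAME [HOSTS_FILE]: print each address a hosts file pins for NAME.
# Commented-out lines and trailing comments are ignored; names match
# case-insensitively and aliases (fields after the first name) are checked too.
hosts_pins() {
    local name="$1" file="${2:-/etc/hosts}"
    awk -v want="$name" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                 # drop comments, re-splits fields
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; break }
        }
    ' "$file"
}

# pin_conflicts NAME HOSTS_FILE DNS_IP...: return 1 and report every pinned
# address that is not among the DNS answers supplied by the caller.
pin_conflicts() {
    local name="$1" file="$2"; shift 2
    local pin ip found rc=0
    for pin in $(hosts_pins "$name" "$file"); do
        found=0
        for ip in "$@"; do
            if [ "$pin" = "$ip" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "$name is pinned to $pin in $file; DNS answers: $*"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed hosts file (1.2.3.4 is the placeholder from the answer).
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
1.2.3.4     securecoop.com www.securecoop.com   # origin server
#5.6.7.8    securecoop.com
EOF
# Constructed DNS answers; on a live host use: $(dig +short securecoop.com A)
# (dig queries DNS directly and does not read /etc/hosts).
pin_conflicts securecoop.com "$sample" 203.0.113.10 203.0.113.11 || true
rm -f "$sample"
```
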