cagrit
By:
cagrit

SSL error Laravel 5.2 DO Spaces

November 14, 2017 295 views
Applications Ubuntu 16.04

I'm trying to move from S3 to Spaces on Laravel 5.2 Unfortunately, I keep getting SSL problem:

S3Exception in WrappedHttpHandler.php line 192:
Error executing "ListObjects" on "https://MYBUCKETNAME.ams3.digitaloceanspaces.com/?encoding-type=url"; AWS HTTP error: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

.env

...
DO_SPACES_ENDPOINT=https://ams3.digitaloceanspaces.com
DO_SPACES_BUCKET=MYBUCKETNAME
DO_SPACES_REGION=ams3
DO_SPACES_KEY=******************
DO_SPACES_SECRET=******************************************************
...

filesystems.php

...
        'spaces' => [
            'driver' => 'do-spaces',
            'key' => env('DO_SPACES_KEY'),
            'secret' => env('DO_SPACES_SECRET'),
            'region' => env('DO_SPACES_REGION','ams3'),
            'bucket' => env('DO_SPACES_BUCKET'),
            'endpoint' => env('DO_SPACES_ENDPOINT'),
        ]
...

Service Provider:

<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;

use Aws\S3\S3Client;
use League\Flysystem\AwsS3v3\AwsS3Adapter;
use League\Flysystem\Filesystem;
use Storage;

class DOSpacesStorageServiceProvider extends ServiceProvider
{
    public function boot()
    {
      Storage::extend('do-spaces', function ($app, $config) {
          $client = new S3Client([
              'credentials' => [
                  'key'    => $config["key"],
                  'secret' => $config["secret"]
              ],
              'region'      => $config["region"],
              'version'     => "latest",
              'bucket_endpoint' => false,
              'use_path_style_endpoint' => false,
              'endpoint'    => $config["endpoint"],
          ]);
          return new Filesystem(new AwsS3Adapter($client, $config["bucket"]));
      });
    }
}

1 Answer

The root of the issue for me was Guzzle/curl (4.0+) on Windows throwing SSL errors (PHP 5.6+).

Stumbled across this when trying to debug why the AWS API was failing, with the following error: AWS HTTP error: cURL error 60: SSL certificate problem: unable to get local issuer certificate. Turns out, this is an error with the root CA not being present on Windows installations for curl to use. Now, you can downgrade Guzzle or flag curl not to check it, but that's obviously not advisable and why not actually fix the crux of the issue? So:

  1. First you'll need to grab the root CA from curl's website, and move it into a directory of your choosing, I recommend your PHP installation directory in extras\ssl

  2. Now that its located on disk, time to tell PHP where it is, so time to open your php.ini in the PHP installation directory

  3. You'll need to uncomment and set the curl.cainfo variable to point to the CA file you put on disk in the previous step, so for me this was curl.cainfo = "C:\PHP7\extras\ssl\cacert.pem" - done!

To test its done through, you can pop open a console and launch php in interactive mode php -a, then run the following command that will echo out the value of the ini flag echo "curl.cainfo: ", ini_get('curl.cainfo'), "\n";, which if it all went well will be the path you set. Any curl requests you execute from now on should work fine.

Have another answer? Share your knowledge.