• In the Health Check plugin I see “cURL error 60: SSL certificate problem: unable to get local issuer certificate”.

    I downloaded the latest cURL cacert.pem to /etc/ssl/certs/curl.cacert.pem, the SHA sum matches, permissions allow the web server to read both it and traverse the directory structure above it.

    In php.ini curl.cainfo = "/etc/ssl/certs/curl.cacert.pem" and yes I’ve restarted Apache. I had even disabled all plugins as a test.

    I have enabled WordPress debugging and PHP error logging. I see nothing about this in the Apache error.log, PHP error log, or WordPress debug.log. I see details about other activities in, for example, the access.log; but when I refresh the Health Check page, I see no details useful for debugging.

    What should I look at next?

    root@web01:~# ls -l /etc/ssl/certs/curl.cacert.pem
    -rw-r--r-- 1 root root 219596 Jan 23 04:12 /etc/ssl/certs/curl.cacert.pem
    root@web01:~# ls -ld /etc/ssl/certs/
    drwxrwxr-x 2 root root 20480 Apr  4 03:26 /etc/ssl/certs/
    root@web01:~# ls -ld /etc/ssl/
    drwxrwxr-x 4 root root 4096 Dec 23 04:10 /etc/ssl/
    root@web01:~# ls -ld /etc/
    drwxr-xr-x 119 root root 12288 Apr  4 03:16 /etc/
    root@web01:~# ls -ld /
    drwxr-xr-x 25 root root 4096 Apr  4 00:05 /
    root@web01:~# ps -ef | grep -i apache
    root     14242  9772  0 03:42 pts/1    00:00:00 vim /etc/php/7.2/apache2/php.ini
    root     14403     1  0 03:43 ?        00:00:00 /usr/sbin/apache2 -k start
    www-data 15009 14403  0 03:52 ?        00:00:01 /usr/sbin/apache2 -k start
    www-data 15037 14403  0 03:53 ?        00:00:00 /usr/sbin/apache2 -k start
    www-data 15038 14403  0 03:53 ?        00:00:01 /usr/sbin/apache2 -k start
    root     15505 14849  0 04:00 pts/3    00:00:00 grep --color=auto -i apache
    root@web01:~# 

    In php.ini:

    error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
    log_errors = On
    error_log = /var/log/php/error.log
    disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,system,exec,shell_exec,passthru,phpinfo,show_source,popen,proc_open,fopen_with_path,dbmopen,dbase_open,putenv,move_uploaded_file,chdir,rename,filepro,filepro_rowcount,filepro_retrieve,posix_mkfifo,

    In wp-config.php:

    define('WP_DEBUG', true);
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', true );
    
    root@web01:~# find /var/www/html/ -name debug.log
    root@web01:~#
    
    root@web01:~# cd /etc/ssl/certs/
    root@web01:/etc/ssl/certs# wget https://curl.haxx.se/ca/cacert.pem.sha256
    --2019-04-04 04:06:59--  https://curl.haxx.se/ca/cacert.pem.sha256
    Resolving curl.haxx.se (curl.haxx.se)... 151.101.22.49, 2a04:4e42:5::561
    Connecting to curl.haxx.se (curl.haxx.se)|151.101.22.49|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 77 [application/x-pem-file]
    Saving to: ‘cacert.pem.sha256’
    
    cacert.pem.sha256                                              100%[=================================================================================================================================================>]      77  --.-KB/s    in 0s
    
    2019-04-04 04:06:59 (8.20 MB/s) - ‘cacert.pem.sha256’ saved [77/77]
    
    root@web01:/etc/ssl/certs# shasum -c cacert.pem.sha256
    cacert.pem: OK
    root@web01:/etc/ssl/certs#
    • This topic was modified 5 years, 8 months ago by Jan Dembowski. Reason: Fixed formatting


Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Better Automations

    (@cdevidal)

    Seems this problem is not limited to WP. I followed the URL mentioned in the error output below but did not see on that page what I must do next. Tried the --cacert flag to no avail. The ca-certificates package is already installed and at the latest version.

    root@web01:~/deleteme# apt-get install ca-certificates
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    ca-certificates is already the newest version (20180409).
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    root@web01:~/deleteme# curl https://securecoop.com/
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html
    
    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.
    root@web01:~/deleteme# curl --cacert /etc/ssl/certs/ca-certificates.crt https://securecoop.com/
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html
    
    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.
    root@web01:~/deleteme# curl --cacert /etc/ssl/certs/curl.cacert.pem https://securecoop.com/
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html
    
    curl failed to verify the legitimacy of the server and therefore could not
    establish a secure connection to it. To learn more about this situation and
    how to fix it, please visit the web page mentioned above.
    root@web01:~/deleteme#

  • Thread Starter Better Automations

    (@cdevidal)

    Solved. I had my server’s IP in /etc/hosts as the domain name. When I commented out this entry it started working.
    #1.2.3.4 SecureCoop.com
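
A hosts entry makes curl connect to the pinned address instead of the one DNS returns, so the certificate chain it verifies is the one served there. As an added example (not part of the original thread), this shell function reports which address a hosts file pins a name to, matching names case-insensitively and ignoring commented-out entries; the sample file, `shop.example.test` and the `192.0.2.x` addresses are constructed.

```shell
#!/bin/sh
# Added example: find hosts-file entries that override DNS for a name.
# All names and addresses below are constructed (example.test, 192.0.2.0/24).

# hosts_override FILE NAME
# Prints every address FILE maps NAME to; returns 1 if there is no live entry.
hosts_override() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        {
            sub(/#.*/, "")       # drop commented-out lines and trailing comments
            if (NF < 2) next     # need an address and at least one name
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; break }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Writes a constructed hosts file to a temp path and prints that path.
make_sample_hosts() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        '127.0.0.1   localhost' \
        '192.0.2.10  Shop.Example.test www.shop.example.test  # pin to this box' \
        '#192.0.2.11 old.example.test' > "$f"
    printf '%s\n' "$f"
}

SAMPLE_HOSTS=$(make_sample_hosts)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT

for name in shop.example.test old.example.test; do
    if addr=$(hosts_override "$SAMPLE_HOSTS" "$name"); then
        echo "$name: pinned to $addr by the hosts file (normally wins over DNS)"
    else
        echo "$name: no live hosts entry, resolution falls through to DNS"
    fi
done
```

Run `hosts_override /etc/hosts NAME` with the site's own name; `getent hosts NAME` shows what the system resolver actually returns, for comparison.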

    Hey @cdevidal,
    I’m having the same issue on Laragon.
    I need virtual hosts so I have my IP address in the hosts file.
    Why did you comment that out?

    Thread Starter Better Automations

    (@cdevidal)

    I don’t recall, to be honest. Does it work when you comment out the IP?

  • The topic ‘cURL error 60’ is closed to new replies.