Fix debian 8/9 “curl: (60) SSL certificate problem: certificate has expired”

example error
curl -I https://www.google.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
.
.


test cURL .php script –https://smartslider.helpscoutdocs.com/article/2045–#confirm
<?php
// create curl resource
$ch = curl_init();

// set url
curl_setopt($ch, CURLOPT_URL, "https://api.nextendweb.com/");

//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$errorFile = dirname(__FILE__) . '/curl_error.txt';
$out = fopen($errorFile, "w");
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, $out);

// $output contains the output string
$output = curl_exec($ch);

curl_close($ch);
fclose($out);

echo "<h1>LOG</h1>";
echo "<pre>";
echo htmlspecialchars(file_get_contents($errorFile));
unlink($errorFile);
echo "</pre>";

if apt-get install –reinstall ca-certificates not work, try
wget --no-check-certificate -O - https://raw.githubusercontent.com/xenetis/letsencrypt-expiration/main/letsencrypt-expiration.sh | bash
letsencrypt-expiration.sh
#!/usr/bin/env bash

if [[ $(lsb_release -sc) = "jessie" || $(lsb_release -sc) = "stretch" ]]; then
apt-get install ca-certificates -y
sed -i -e 's|mozilla/DST_Root_CA_X3.crt|#mozilla/DST_Root_CA_X3.crt|g' /etc/ca-certificates.conf
sed -i -e 's|mozilla/ISRG_Root_X1.crt|#mozilla/ISRG_Root_X1.crt|g' /etc/ca-certificates.conf
wget --no-check-certificate https://letsencrypt.org/certs/lets-encrypt-r3.pem -O /usr/local/share/ca-certificates/lets-encrypt-r3.crt
wget --no-check-certificate https://letsencrypt.org/certs/isrgrootx1.pem -O /usr/local/share/ca-certificates/isrgrootx1.crt
update-ca-certificates -f
fi
if [[ $(lsb_release -sc) = "buster" ]]; then
apt-get update --allow-releaseinfo-change -y
apt-get install ca-certificates -y
fi
–https://serverfault.com/a/1081021

but for me, this fixed –https://stackoverflow.com/a/31830614
cd /etc/ssl/certs/
wget --no-check-certificate https://curl.se/ca/cacert.pem
echo "cacert = /etc/ssl/certs/cacert.pem" > /root/.curlrc
echo "ca_directory = /etc/ssl/certs/" > /root/.wgetrc
vim /etc/php/7.0/fpm/php.ini
#edit curl.cainfo = "/etc/ssl/certs/cacert.pem"
#edit openssl.cafile="/etc/ssl/certs/cacert.pem"
service php7.0-fpm restart
service nginx restart

worked, test again with script .php above or cURL commandline
curl -I https://www.google.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
.
.

Blog | , , , ,
Line it!