Fix debian 8/9 “curl: (60) SSL certificate problem: certificate has expired”

example error
curl -I
curl: (60) SSL certificate problem: unable to get local issuer certificate

test cURL .php script ––#confirm
// create curl resource
$ch = curl_init();

// set url
curl_setopt($ch, CURLOPT_URL, "");

//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$errorFile = dirname(__FILE__) . '/curl_error.txt';
$out = fopen($errorFile, "w");
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, $out);

// $output contains the output string
$output = curl_exec($ch);


echo "<h1>LOG</h1>";
echo "<pre>";
echo htmlspecialchars(file_get_contents($errorFile));
echo "</pre>";

if apt-get install –reinstall ca-certificates not work, try
wget --no-check-certificate -O - | bash
#!/usr/bin/env bash

if [[ $(lsb_release -sc) = "jessie" || $(lsb_release -sc) = "stretch" ]]; then
apt-get install ca-certificates -y
sed -i -e 's|mozilla/DST_Root_CA_X3.crt|#mozilla/DST_Root_CA_X3.crt|g' /etc/ca-certificates.conf
sed -i -e 's|mozilla/ISRG_Root_X1.crt|#mozilla/ISRG_Root_X1.crt|g' /etc/ca-certificates.conf
wget --no-check-certificate -O /usr/local/share/ca-certificates/lets-encrypt-r3.crt
wget --no-check-certificate -O /usr/local/share/ca-certificates/isrgrootx1.crt
update-ca-certificates -f
if [[ $(lsb_release -sc) = "buster" ]]; then
apt-get update --allow-releaseinfo-change -y
apt-get install ca-certificates -y

but for me, this fixed –
cd /etc/ssl/certs/
wget --no-check-certificate
echo "cacert = /etc/ssl/certs/cacert.pem" > /root/.curlrc
echo "ca_directory = /etc/ssl/certs/" > /root/.wgetrc
vim /etc/php/7.0/fpm/php.ini
#edit curl.cainfo = "/etc/ssl/certs/cacert.pem"
#edit openssl.cafile="/etc/ssl/certs/cacert.pem"
service php7.0-fpm restart
service nginx restart

worked, test again with script .php above or cURL commandline
curl -I
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1

Blog | , , , ,
Line it!