cURL error 60: SSL certificate: unable to get local issuer certificate
I am trying to send an API request using Stripe but get the error message:
cURL error 60: SSL certificate problem: unable to get local issuer certificate
This is the code I am running:
public function chargeStripe()
{
$stripe = new Stripe;
$stripe = Stripe::make(env('STRIPE_PUBLIC_KEY'));
$charge = $stripe->charges()->create([
'amount' => 2900,
'customer' => Input::get('stripeEmail'),
'currency' => 'EUR',
]);
return Redirect::route('step1');
}
I searched a lot on Google and lots of people are suggesting that I download this file: cacert.pem, put it somewhere and reference it in my php.ini. This is the part in my php.ini:
curl.cainfo = "C:\Windows\cacert.pem"
Yet, even after restarting my server several times and changing the path, I get the same error message.
I have the ssl_module enabled in Apache, and I have php_curl enabled in my php.ini
.
I have also tried this fix: How to fix PHP CURL Error 60 SSL
Which suggests that I add these lines to my cURL options:
curl_setopt($process, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, true);
Where do I add options to my cURL? Apparently not through the command line, since my CLI doesn't find the command "curl_setopt"
How to solve this problem:
-
download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html
-
save it on your filesystem somewhere (for example, XAMPP users might use
C:\xampp\php\extras\ssl\cacert.pem
) -
in your php.ini, put this file location in the
[curl]
section (putting it in the[openssl]
section is also a good idea):
[curl]
curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"
[openssl]
openssl.cafile = "C:\xampp\php\extras\ssl\cacert.pem"
- restart your webserver (e.g. Apache) and PHP FPM server if applicable
(Reference: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate)
Attention Wamp/Wordpress/windows users. I had this issue for hours and not even the correct answer was doing it for me, because i was editing the wrong php.ini file because the question was answered to XAMPP and not for WAMP users, even though the question was for WAMP.
here's what i did
Download the certificate bundle.
Put it inside of C:\wamp64\bin\php\your php version\extras\ssl
Make sure the file mod_ssl.so
is inside of C:\wamp64\bin\apache\apache(version)\modules
Enable mod_ssl
in httpd.conf
inside of Apache directory C:\wamp64\bin\apache\apache2.4.27\conf
Enable php_openssl.dll
in php.ini
. Be aware my problem was that I had two php.ini files and I need to do this in both of them. First one can be located inside of your WAMP taskbar icon here.
and the other one is located in C:\wamp64\bin\php\php(Version)
find the location for both of the php.ini
files and find the line curl.cainfo =
and give it a path like this
curl.cainfo = "C:\wamp64\bin\php\php(Version)\extras\ssl\cacert.pem"
Now save the files and restart your server and you should be good to go
If you are using PHP 5.6 with Guzzle, Guzzle has switched to using the PHP libraries autodetect for certificates rather than it's process (ref). PHP outlines the changes here.
Finding out Where PHP/Guzzle is Looking for Certificates
You can dump where PHP is looking using the following PHP command:
var_dump(openssl_get_cert_locations());
Getting a Certificate Bundle
For OS X testing, you can use homebrew to install openssl brew install openssl
and then use openssl.cafile=/usr/local/etc/openssl/cert.pem
in your php.ini or Zend Server settings (under OpenSSL).
A certificate bundle is also available from curl/Mozilla on the curl website: https://curl.haxx.se/docs/caextract.html
Telling PHP Where the Certificates Are
Once you have a bundle, either place it where PHP is already looking (which you found out above) or update openssl.cafile
in php.ini. (Generally, /etc/php.ini
or /etc/php/7.0/cli/php.ini
or /etc/php/php.ini
on Unix.)