Error in Drupal 8 from Guzzle using Dev Desktop "cURL error 60: SSL certificate..."

Question

MacOS 10.11

Dev Desktop Version 2

PHP 5.6

Attempting to load Drupal 8 template page which contains Google Map. Works on production and dev servers, but not locally. Page gives "The website encountered an unexpected error. Please try again later." error when loading locally and back trace shows the following info:

Error:

GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in GuzzleHttp\Handler\CurlFactory::createRejection() (line 187 of vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php).

Diagnosis:

array(8) { ["default_cert_file"]=> string(68) "/Users/acquia/csbworkdir/dmitrybezer/libopenssl/install/ssl/cert.pem" ["default_cert_file_env"]=> string(13) "SSL_CERT_FILE" ["default_cert_dir"]=> string(65) "/Users/acquia/csbworkdir/dmitrybezer/libopenssl/install/ssl/certs" ["default_cert_dir_env"]=> string(12) "SSL_CERT_DIR" ["default_private_dir"]=> string(67) "/Users/acquia/csbworkdir/dmitrybezer/libopenssl/install/ssl/private" ["default_default_cert_area"]=> string(59) "/Users/acquia/csbworkdir/dmitrybezer/libopenssl/install/ssl" ["ini_cafile"]=> string(47) "/Applications/DevDesktop/common/cert/cacert.pem" ["ini_capath"]=> string(0) "" }

Backtrace:

GuzzleHttp\Handler\CurlFactory::finishError(Object, Object, Object) (Line: 103)
GuzzleHttp\Handler\CurlFactory::finish(Object, Object, Object) (Line: 43)
GuzzleHttp\Handler\CurlHandler->__invoke(Object, Array) (Line: 28)
GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object, Array) (Line: 51)
GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}(Object, Array) (Line: 37)
GuzzleHttp\PrepareBodyMiddleware->__invoke(Object, Array) (Line: 30)
GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object, Array) (Line: 70)
GuzzleHttp\RedirectMiddleware->__invoke(Object, Array) (Line: 57)
GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object, Array) (Line: 67)
GuzzleHttp\HandlerStack->__invoke(Object, Array) (Line: 277)
GuzzleHttp\Client->transfer(Object, Array) (Line: 125)
GuzzleHttp\Client->requestAsync('get', 'https://maps.googleapis.com/maps/api/geocode/json', Array) (Line: 131)
GuzzleHttp\Client->request('get', 'https://maps.googleapis.com/maps/api/geocode/json', Array) (Line: 89)
GuzzleHttp\Client->__call('get', Array) (Line: 273)
GuzzleHttp\Client->get('https://maps.googleapis.com/maps/api/geocode/json', Array) (Line: 273)

It appears that the "default_cert_file" is being used (and doesn't exist locally) and that the file that does exist "/Applications/DevDesktop/common/cert/cacert.pem" isn't. The default is hard wired from the PHP build in Dev Desktop. I'm not sure if Guzzle doesn't bother trying to find other options from the available list or if I have some other problem.

Is there a way to override the "default_cert_file" from php.ini...?? Or is there a better solution?

I went so far as to create the location that the default_cert_file was looking for just to see if that would solve it, but it did not.

Currently I edited my local Guzzle to always skip the check, just so I can get work done. I would prefer a solution, but everything I've read says either I need to edit the php.ini file with a file path (you can see above it's already there) or some are suggesting that it wants the "default_cert_file"... and Guzzle doesn't look at any other and that I should downgrade to an earlier version of Guzzle. I can't do that, this is now part of Drupal. — John Lewis, Jan 23 '18 at 23:20

score 2 · Answer 1 · answered Jan 23 '18 at 23:04

2

Try downloading the certificate file from there:

https://curl.haxx.se/ca/cacert.pem

and append php.ini with

; Added CA file path curl.cainfo = "{REPLACE WITH FILE PATH}/cacert.pem"

You should be good to go

answered Jan 23 '18 at 23:04

ioni

453
1
5
7

It was there but it didn't work. I tried replacing it, but that didn't work either. I have looked at the .pem and it's fine. When I look with drush, it's the correct php.ini file and when I dump I see it (above ["ini_cafile"]=> string(47) "/Applications/DevDesktop/common/cert/cacert.pem" ) – John Lewis Jan 23 '18 at 23:14
I faced a similar problem today on my site which uses an old version of Mailgun (PHP email sender) and Guzzle 3 which is no longer supported. Updating the cacert.pem file within MailGun's folder: `/vendor/guzzle/guzzle/src/Guzzle/Http/Resources/cacert.pem` with the latest Mozilla CA certificate from the link you shared has helped! – dr_rk Jan 24 '18 at 22:39
Yes, I suspect this solution from ioni will help a lot of people. It was the solution suggested by many online, including here on Stack Exchange and I guess the search terms are going to bring other people to this question now as well. Sadly for me it's not working. – John Lewis Jan 25 '18 at 14:30

score 0 · Answer 2 · answered Nov 27 '19 at 21:10

0

Get cacert.pem from the link and then copy to /Program Files(x86)/DevDesktop/common/cert folder. That location is already referenced in php.ini in DevDesktop.

answered Nov 27 '19 at 21:10

jprmsn

25
5

I'm on a Mac. There's no "/Program Files" – John Lewis Nov 28 '19 at 22:37

Error in Drupal 8 from Guzzle using Dev Desktop "cURL error 60: SSL certificate..."

2 Answers2