30

I get this error:

"Problem with the SSL CA cert (path? access rights?)"

When doing:

$curl = curl_init('https://example.com' . ($method == 'GET' && $params ? '?' . $params : ''));

curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); 
$response = curl_exec($curl);

print curl_error($curl)

Works ok on another server.

The SSL is using NSS. PHP 5.3.6

Adam Jimenez
  • 3,085
  • 3
  • 35
  • 32

6 Answers6

27

Had this happen to two servers which use the PayPal IPN, both at around the same time.

Fix was to restart Apache.

chris
  • 3,019
  • 23
  • 21
  • 1
    Had it happen too. An automatic update had happened, which created a new /etc/pki/nssdb/pkcs11.txt (and moved the old one to /etc/pki/nssdb/pkcs11.txt.rpmnew). File contents were the same. There were no warnings or other information in the logs. I have no idea if the automatic update was the culprit though. Anyhow, a restart of php-fpm did solve the issue. – Sérgio Carvalho Sep 29 '14 at 13:30
  • 5
    Worth mentioning for me at least that a simple graceful restart of Apache wasn't enough. I had to restart the service (i.e. `service httpd restart`). Not sure why that made the difference, but it did. – Johno Sep 29 '14 at 15:19
  • 1
    For those who use nginx + php-fpm on CentOS: `sudo service php-fpm restart` should do the trick – Oleg Oct 10 '14 at 08:07
  • I can confirm that this helped me as well. After going up and down trying to find why cURL in PHP would work on the CLI but not in Apache, a simple Apache restart fixed the issue. RHEL 6.5. – dotancohen Oct 20 '14 at 09:43
  • Was this successful for anyone running a Jetty server? – Janac Meena Jul 08 '16 at 18:25
13

If you are getting "Problem with the SSL CA cert (path? access rights?)" it may very well mean that you have either deleted everything from /etc/pki/tls/certs/ or have set invalid permissions (CHMOD).

If you are using RHEL/CentOS, try yum reinstall openssl ca-certificates -y

Gajus
  • 69,002
  • 70
  • 275
  • 438
7

Just upgraded to PHP 5.5.17 and this is when the trouble started. The server runs PayPal transactions and cURL started failing on this error: "Problem with the SSL CA cert (path? access rights?)".

I tried regenerating the certs, modifying the curl options, nothing was getting me anywhere. The solution was to simply reboot the server (CentOS 6.5 in my case). Hope this helps someone.

gillytech
  • 3,595
  • 2
  • 27
  • 44
1

It happen to me after update of packages.

Once I restarted the apache it got fixed.

Then I installed it at production server and I got it again. This time it was mess at the certificates under /etc/pki/tls/certs/

Backup the files and this command will fix it:

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

Pavel Jiri Strnad
  • 196
  • 11
0

On Ubuntu, you need to install CA certificates to allow SSL-based applications to check for the authenticity of SSL connections by:

sudo apt-get install ca-certificates

See: cURL not working (Error #77) for SSL connections

kenorb
  • 155,785
  • 88
  • 678
  • 743
0

got it working by renaming the nssdb:

mv /etc/pki/nssdb /etc/pki/nssdb.old
Martin Tournoij
  • 26,737
  • 24
  • 105
  • 146
Adam Jimenez
  • 3,085
  • 3
  • 35
  • 32
  • 1
    This solution didn't work for me for some reason. It seems like the problem was caused by upgrade of libcurl. In my case I don't want any validation whatsoever but I can't seem to be able to disable the whole thing. Does anybody have any other suggestions? – Greg Feb 28 '13 at 11:30