I’m trying to get composer to work on a remote Windows-machine which is using a proxy, but I always get this error when doing a composer install/update:
[ComposerDownloaderTransportException] curl error 60 while
downloading https://flex.symfony.com/versions.json: SSL certificate
problem: unable to get local issuer certificate
This is my composer.bat:
@echo OFF
:: in case DelayedExpansion is on and a path contains !
setlocal DISABLEDELAYEDEXPANSION
set HTTP_PROXY=<proxyurl>
php "%~dp0composer.phar" %*
Obviously setting the proxy is needed, if I delete the line, the error becomes this:
[ComposerDownloaderTransportException] curl error 28 while
downloading https://flex.symfony.com/versions.json: Operation timed
out after 10000 milliseconds with 0 out of 0 bytes received
composer diag gives me this (with the proxy set):
Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking HTTP proxy: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.0.9
PHP version: 7.4.7
PHP binary path: C:Program FilesPHPcurrentphp.exe
OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020
cURL version: 7.69.1 libz 1.2.11 ssl OpenSSL/1.1.1g
zip: extension present, unzip not available
I’ve been through a lot of posts and tutorials, but none of the answers work for me. (Some are just about curl and it’s options to switch off the cert-check but that doesn’t work for composer). Here’s what I have tried:
- Downloaded cacert.pem from http://curl.haxx.se/ca/cacert.pem or https://curl.se/docs/caextract.html (no copy&paste as some said editing the file would corrupt it — however that’s supposed to happen)
- saved the file locally
- activated openssl in php.ini
- edited php.ini and added the path of the cert-file for «curl.cainfo» as well as «openssl.cafile» (according to some posts that makes a difference, so I tried both), used the full path and quotes, like this:
curl.cainfo="C:Program FilesPHPcacert.pem" - moved the pem-file to different directories to make sure no Windows-permissions would make it inaccessible (I also set the file and it’s directory to be accessible by all users just to make sure)
- used
php -r "print_r(openssl_get_cert_locations());"to find out the default certfile-location (it’s «C:Program FilesCommon FilesSSL»), also saved the cert-file there
All of this did not work, the error remains the same.
Then I found a post which set a repository in composer.json and explicitely set the certfile for that repo, so I also tried it and added this to my composer.json:
{
"repositories": [{
"type": "composer",
"url": "https://flex.symfony.com",
"options" : {
"ssl" : {
"cafile" : "cacert.pem"
}
}
}]
}
The file «cacert.pem» is in the same directory as my composer.json, now the error is this:
[ComposerDownloaderTransportException] The
«https://flex.symfony.com/packages.json» file could not be downloaded
(HTTP/2 404 )
which is not that surprising, as trying to access «https://flex.symfony.com/packages.json» via a browser also gives me a 404. (Don’t know if it makes a difference that all at a sudden «packages.json» couldn’t be loaded while the cert-error complained about «versions.json», have no idea which is loaded first and if this error is a «good» sign.)
This trial-and-error journey has been going on for days, I’m out of ideas, so any help is appreciated!
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Comments
Although I have tried many solutions, I cannot install laravel.I was also getting a certificate error when installing a resource with npm today.The problem may have been caused directly by windows’ SSL certificate, but I could not find a solution at all.I followed and did all the ways like php.ini, cacert.pem, but I still didn’t succeed.
I really need help, I’ve been dealing with this problem for days.
Error: curl error 60 SSL certificate problem: unable to get local issuer certificate
It looks like you have SSL disabled, not sure because you did not provide us all the info we ask for (output of composer diagnose would be interesting..) but I would recommend using a modern PHP version with openssl extension enabled, and then modern Composer should work fine.
It looks like you have SSL disabled, not sure because you did not provide us all the info we ask for (output of
composer diagnosewould be interesting..) but I would recommend using a modern PHP version with openssl extension enabled, and then modern Composer should work fine.
That’s what composer diagnostice output looks like right now.As it turns out, you can see the curl error error 60 error here as well.
Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: FAIL
[ComposerDownloaderTransportException] curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: unable to get local issuer certificate
Composer is configured to disable SSL/TLS protection. This will leave remote HTTPS requests vulnerable to Man-In-The-Middle attacks.
Checking github.com rate limit: FAIL
[ComposerDownloaderTransportException] curl error 60 while downloading https://api.github.com/rate_limit: SSL certificate problem: unable to get local issuer certificate
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: Warning: Accessing getcomposer.org over http which is an insecure protocol.
OK
Composer version: 2.0.13
PHP version: 7.4.16
PHP binary path: C:xamppphpphp.exe
OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
cURL version: 7.70.0 libz 1.2.11 ssl OpenSSL/1.1.1i
zip: extension present, unzip not available
Can you run it with composer diagnose -vvv? It should show something like Checked CA file... early on which should indicate which file it used as a certificate authority. I believe you have a corrupt CA file somehow if it can not authenticate our SSL cert.
Can you run it with
composer diagnose -vvv? It should show something likeChecked CA file...early on which should indicate which file it used as a certificate authority. I believe you have a corrupt CA file somehow if it can not authenticate our SSL cert.
At first I asked for my update when I ran it and I updated it with composer self-update. Then, when I ran composer diagnose -vvv the following information came in.And I saw the curl error 60 again.
PHP Warning: Module 'openssl' already loaded in Unknown on line 0
Warning: Module 'openssl' already loaded in Unknown on line 0
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/config.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/auth.json
Reading C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/config.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/auth.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:UsersMuzafferAppDataRoamingComposer/auth.json
Reading C:UsersMuzafferAppDataRoamingComposer/auth.json (C:UsersMuzafferAppDataRoamingComposerauth.json)
You are running Composer with SSL/TLS protection disabled.
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): git branch -a --no-color --no-abbrev -v
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): git describe --exact-match --tags
Executing command (CWD): git --version
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): git log --pretty="%H" -n1 HEAD --no-show-signature
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): hg branch
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): fossil branch list
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): fossil tag list
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): svn info --xml
Reading C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/config.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/auth.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:UsersMuzafferAppDataRoamingComposer/auth.json
Reading C:UsersMuzafferAppDataRoamingComposer/auth.json (C:UsersMuzafferAppDataRoamingComposerauth.json)
Running 2.0.14 (2021-05-21 17:03:37) with PHP 7.4.16 on Windows NT / 10.0
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/config.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/auth.json
Reading C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/config.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/auth.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:UsersMuzafferAppDataRoamingComposer/auth.json
Reading C:UsersMuzafferAppDataRoamingComposer/auth.json (C:UsersMuzafferAppDataRoamingComposerauth.json)
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): git branch -a --no-color --no-abbrev -v
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): git describe --exact-match --tags
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): git log --pretty="%H" -n1 HEAD --no-show-signature
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): hg branch
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): fossil branch list
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): fossil tag list
Executing command (C:/Users/Muzaffer/AppData/Roaming/Composer): svn info --xml
Reading C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/config.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/auth.json
Loading config file C:/Users/Muzaffer/AppData/Roaming/Composer/composer.json (C:UsersMuzafferAppDataRoamingComposercomposer.json)
Loading config file C:UsersMuzafferAppDataRoamingComposer/auth.json
Reading C:UsersMuzafferAppDataRoamingComposer/auth.json (C:UsersMuzafferAppDataRoamingComposerauth.json)
Checking platform settings: OK
Checking git settings: Executing command (CWD): git config color.ui
OK
Checking http connectivity to packagist: Downloading http://repo.packagist.org/packages.json
[200] http://repo.packagist.org/packages.json
OK
Checking https connectivity to packagist: Downloading https://repo.packagist.org/packages.json
FAIL
[ComposerDownloaderTransportException] curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: unable to get local issuer certificate
Composer is configured to disable SSL/TLS protection. This will leave remote HTTPS requests vulnerable to Man-In-The-Middle attacks.
Checking github.com rate limit: Downloading https://api.github.com/rate_limit
FAIL
[ComposerDownloaderTransportException] curl error 60 while downloading https://api.github.com/rate_limit: SSL certificate problem: unable to get local issuer certificate
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: Warning: Accessing getcomposer.org over http which is an insecure protocol.
Downloading http://getcomposer.org/versions
[200] http://getcomposer.org/versions
OK
Composer version: 2.0.14
PHP version: 7.4.16
PHP binary path: C:xamppphpphp.exe
OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
cURL version: 7.70.0 libz 1.2.11 ssl OpenSSL/1.1.1i
zip: extension present, unzip not available
If npm also has the problem, this definitely looks like an issue with the root CA store on your system rather than an issue with Composer.
Btw: it could also be an issue with a crappy antivirus software actually doing a MitM on the HTTPS connection. Check whether your Antivirus has a feature like «HTTPS protection» (the name varies by vendor) and tries disabling it.
If npm also has the problem, this definitely looks like an issue with the root CA store on your system rather than an issue with Composer.
Btw: it could also be an issue with a crappy antivirus software actually doing a MitM on the HTTPS connection. Check whether your Antivirus has a feature like «HTTPS protection» (the name varies by vendor) and tries disabling it.
The error may be on the computer in general. Because I also receive a certificate error in the Filezilla FTP program, I cannot contact the certificate.In general, there is definitely an error on windows. That’s why I can’t solve composer or npm.
I couldn’t find the solution to the problem and didn’t want to deal with it any more, so I reset the computer and the problem was solved.Thank you for your support. 
Issue
Whenver I use simple commands (install/update) for a Composer-based projects or the «diagnose» command composer diagnose -vvv, I get the error:
«curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: unable to get local issuer certificate»
I already tried to:
- Update to the latest Ubuntu (22.04) and specifically used:
sudo apt install ca-certificates --reinstall
sudo update-ca-certificates -f
- Fixed mismatched paths, which seemed to be the original problem (see: How do I deal with certificates using cURL while trying to access an HTTPS url?):
sudo mkdir -p /etc/pki/tls/certs
sudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-certificates.crt
And in facts the diagnose says, as expected:
Checked CA file /etc/pki/tls/certs/ca-bundle.crt: valid
- Rerun the Composer installer
Some more information that could be useful:
Composer version: 2.2.6
PHP version: 8.1.2
PHP binary path: /usr/bin/php8.1
OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
cURL version: 7.81.0 libz 1.2.11 ssl OpenSSL/3.0.2
Solution
Finally managed to solve it by manually replacing the ca-bundle.crt file, after realizing that even a simple curl/wget CLI command (outside of PHP/Composer) returned the same error (this the reason of the —no-check-certificate below):
sudo mv /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt.backup
sudo wget -O /etc/ssl/ca-bundle.crt https://curl.se/ca/cacert.pem --no-check-certificate
I got the link from: https://curl.se/docs/caextract.html
Answered By — CharlesM
Answer Checked By — Senaida (WPSolving Volunteer)
“cURL error 60: SSL certificate problem: unable to get local issuer certificate” is a common error that occurs when your website tries to communicate with an external API via HTTPS and the SSL certificate on the server is not verified or properly configured. Although this error can be seen on any server you are more likely to see this issue on a localhost environment running on wampp/xampp.
Contact your web host to make sure that the SSL certificate is properly configured on the server. As of PHP 5.6 if the certificate is not verified you will also get a warning notice on your website.
How to fix cURL error 60: SSL certificate problem: unable to get local issuer certificate on localhost
1. Download the cacert.pem file from the official cURL website here.
2. Go the directory where you have installed xampp and put it in the ssl folder. For example,
C:xamppphpextrassslcacert.pem D:programxamppphpextrassslcacert.pem
3. Open your php.ini file and search for “curl.cainfo”.
4. Once you have found it, specify the path to the .pem file in the curl.cainfo section. For example,
curl.cainfo = "C:xamppphpextrassslcacert.pem"
The line could be commented out with a semicolon right before curl.cainfo. So make sure to uncomment it and replace ;curl.cainfo = with the line above.
5. Restart Apache so the new changes take effect on your localhost server.
That should fix the cURL error 60 issue on your web server. If you have any other suggestions for fixing this issue feel free to share it in the comments.
‘cURL error 60 SSL certificate problem’ occurs when we make a cURL call to third party services.
Here at Bobcares, we have seen several such cURL command related errors as part of our Server Management Services for web hosts and online service providers.
Today we’ll take a look at the causes for this error and see the fix.
What causes ‘cURL error 60 SSL certificate problem’ error to occur
Digital certificates are mainly used in transferring sensitive content. These digital certificates are issued by certificate authorities or CA.
When a cURL receives a server CA that is not signed by one of the trusted certificates in the installed CA certificate store, then it will lead to an error: “failed to verify the legitimacy of the server” during the SSL handshake. As a result, SSL will then refuse the communication with the server leading to an SSL error.
In short, this error occurs because cURL makes sure to verify and make a secure connection request using a self-signed certificate. But when it doesn’t find any valid certificate then it throws this error message.
How we fix the error ‘cURL error 60 SSL certificate problem’
Now let’s see how our Support Engineers resolve this error message.
1. Re-download the cURL CA-Bundle from the cURL site to fix this error. Here are the steps for it.
- First, download the “cacert.pem” from the link: http://curl.haxx.se/docs/caextract.html
- Next copy the complete page and save it as “cacert.pem”
- Now, open the php.ini file and add the following line in it.
curl.cainfo = “[pathtofile]cacert.pem”
In, case, if the php.ini file doesn’t have the curl.cainfo line, then just add it to the end of the file. Then add the file path where cacert.pem file is saved. - Finally, restart the web server or on Windows, restart the application pool and try the request again.
2. If the insecure certificate is a self-signed, known-trusted certificate, then load the certificate to your local trusted certificate location for your OS.
[Need any further assistance in fixing curl errors? – We are here to help you.]
Conclusion
In short, this error occurs when cURL doesn’t find any valid certificate to communicate over https. Today, we saw how our Support Engineers fix this error.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
При отправке запроса средствами cURL можно получить ошибку: SSL certificate problem: unable to get local issuer certificate.
Можно просто отключить проверку SSL-сертификата. Например, вот так:
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://site.com'); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $result = curl_exec($ch);
Более правильным решением будет добавление сертификата в доверенные. Скачать свежую версию сертификата по адресу https://curl.haxx.se/ca/cacert.pem. Поместить данный файл на сервер. У меня это директория S:Serverbinphpextrasssl.
Далее в настройках файла php.ini указать путь к данному файлу:
[curl] curl.cainfo = S:Serverbinphpextrassslcacert.pem
Перезапустить apache.
// Находясь в директории bin ( путь/к/файлу/httpd ) httpd -k start httpd -k restart httpd -k stop (httpd - k shutdown) // Работа с apache как со службой Windows net stop apache2.4 net start apache2.4 // Мой httpd.exe S:ServerbinApache24binhttpd -k restart