77
php
config_error
ai_generated
true
cURL error 77: Problem with reading SSL certificate (path: /etc/ssl/certs/ca-certificates.crt) in /var/www/app/src/Http/Client.php:28
ID: php/curl-ssl-cacert-path-missing
90%Fix Rate
87%Confidence
1Evidence
2023-09-05First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| PHP 7.4 | active | — | — | — |
| PHP 8.0 | active | — | — | — |
| PHP 8.1 | active | — | — | — |
| PHP 8.2 | active | — | — | — |
Root Cause
The CA certificate bundle file specified in curl.cainfo or CURLOPT_CAINFO does not exist, is unreadable, or is empty, preventing cURL from verifying SSL certificates.
generic中文
curl.cainfo或CURLOPT_CAINFO指定的CA证书包文件不存在、不可读或为空,导致cURL无法验证SSL证书。
Official Documentation
https://www.php.net/manual/en/function.curl-setopt.phpWorkarounds
-
90% success Download the latest cacert.pem from https://curl.se/docs/caextract.html and set the path in php.ini: curl.cainfo = /path/to/cacert.pem. Then restart PHP-FPM.
Download the latest cacert.pem from https://curl.se/docs/caextract.html and set the path in php.ini: curl.cainfo = /path/to/cacert.pem. Then restart PHP-FPM.
-
85% success Find the correct CA bundle path on the system: run 'openssl version -d' to get the OpenSSL directory, then look for cert.pem or ca-certificates.crt. Set curl.cainfo accordingly.
Find the correct CA bundle path on the system: run 'openssl version -d' to get the OpenSSL directory, then look for cert.pem or ca-certificates.crt. Set curl.cainfo accordingly.
-
80% success Copy the CA bundle to the expected location: sudo cp /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates. Then verify with: php -r 'var_dump(curl_version()["ssl_version"]);'
Copy the CA bundle to the expected location: sudo cp /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates. Then verify with: php -r 'var_dump(curl_version()["ssl_version"]);'
中文步骤
Download the latest cacert.pem from https://curl.se/docs/caextract.html and set the path in php.ini: curl.cainfo = /path/to/cacert.pem. Then restart PHP-FPM.
Find the correct CA bundle path on the system: run 'openssl version -d' to get the OpenSSL directory, then look for cert.pem or ca-certificates.crt. Set curl.cainfo accordingly.
Copy the CA bundle to the expected location: sudo cp /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates. Then verify with: php -r 'var_dump(curl_version()["ssl_version"]);'
Dead Ends
Common approaches that don't work:
-
30% fail
This bypasses security and leaves the application vulnerable to man-in-the-middle attacks; it is not a fix for the missing certificate issue.
-
50% fail
The package may install certificates to a different path (e.g., /etc/ssl/certs/ca-bundle.crt), and the PHP configuration still points to the old path.
-
70% fail
Setting an empty string causes PHP to use the default compiled-in path, which may also be incorrect or missing.