# cURL error 77: Problem with reading SSL certificate (path: /etc/ssl/certs/ca-certificates.crt) in /var/www/app/src/Http/Client.php:28 - **ID:** `php/curl-ssl-cacert-path-missing` - **Domain:** php - **Category:** config_error - **Error Code:** `77` - **Verification:** ai_generated - **Fix Rate:** 90% ## Root Cause The CA certificate bundle file specified in curl.cainfo or CURLOPT_CAINFO does not exist, is unreadable, or is empty, preventing cURL from verifying SSL certificates. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | PHP 7.4 | active | — | — | | PHP 8.0 | active | — | — | | PHP 8.1 | active | — | — | | PHP 8.2 | active | — | — | ## Workarounds 1. **Download the latest cacert.pem from https://curl.se/docs/caextract.html and set the path in php.ini: curl.cainfo = /path/to/cacert.pem. Then restart PHP-FPM.** (90% success) ``` Download the latest cacert.pem from https://curl.se/docs/caextract.html and set the path in php.ini: curl.cainfo = /path/to/cacert.pem. Then restart PHP-FPM. ``` 2. **Find the correct CA bundle path on the system: run 'openssl version -d' to get the OpenSSL directory, then look for cert.pem or ca-certificates.crt. Set curl.cainfo accordingly.** (85% success) ``` Find the correct CA bundle path on the system: run 'openssl version -d' to get the OpenSSL directory, then look for cert.pem or ca-certificates.crt. Set curl.cainfo accordingly. ``` 3. **Copy the CA bundle to the expected location: sudo cp /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates. Then verify with: php -r 'var_dump(curl_version()["ssl_version"]);'** (80% success) ``` Copy the CA bundle to the expected location: sudo cp /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates. Then verify with: php -r 'var_dump(curl_version()["ssl_version"]);' ``` ## Dead Ends - **** — This bypasses security and leaves the application vulnerable to man-in-the-middle attacks; it is not a fix for the missing certificate issue. (30% fail) - **** — The package may install certificates to a different path (e.g., /etc/ssl/certs/ca-bundle.crt), and the PHP configuration still points to the old path. (50% fail) - **** — Setting an empty string causes PHP to use the default compiled-in path, which may also be incorrect or missing. (70% fail)