# cURL错误77：读取SSL证书时出现问题（路径：/etc/ssl/certs/ca-certificates.crt），位于/var/www/app/src/Http/Client.php:28

- **ID:** `php/curl-ssl-cacert-path-missing`
- **领域:** php
- **类别:** config_error
- **错误码:** `77`
- **验证级别:** ai_generated
- **修复率:** 90%

## 根因

curl.cainfo或CURLOPT_CAINFO指定的CA证书包文件不存在、不可读或为空，导致cURL无法验证SSL证书。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| PHP 7.4 | active | — | — |
| PHP 8.0 | active | — | — |
| PHP 8.1 | active | — | — |
| PHP 8.2 | active | — | — |

## 解决方案

1. ```
   Download the latest cacert.pem from https://curl.se/docs/caextract.html and set the path in php.ini: curl.cainfo = /path/to/cacert.pem. Then restart PHP-FPM.
   ```
2. ```
   Find the correct CA bundle path on the system: run 'openssl version -d' to get the OpenSSL directory, then look for cert.pem or ca-certificates.crt. Set curl.cainfo accordingly.
   ```
3. ```
   Copy the CA bundle to the expected location: sudo cp /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates. Then verify with: php -r 'var_dump(curl_version()["ssl_version"]);'
   ```

## 无效尝试

- **** — This bypasses security and leaves the application vulnerable to man-in-the-middle attacks; it is not a fix for the missing certificate issue. (30% 失败率)
- **** — The package may install certificates to a different path (e.g., /etc/ssl/certs/ca-bundle.crt), and the PHP configuration still points to the old path. (50% 失败率)
- **** — Setting an empty string causes PHP to use the default compiled-in path, which may also be incorrect or missing. (70% 失败率)