Server keeps saying I have an SSL certificate problem

ericovk

ericovk

Verified User
Joined
Apr 17, 2012
Messages
229
Location
Rotterdam, Netherlands
I set up my server with an Letsencrypt SSL certificate. My Chrome browser seems to be totally fine with that. I get an error within Laravel about an SSL issue.

When I try to curl a website that has active SSL (as root user), shell gives me back a message that I seem to be using a self signed certificate.

Code: 
#curl https://www.google.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html


curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

I tried to disable SSL for the specific account in which I installed Laravel, but that doesn't seem the issue.

I removed all older server SSL files:
Code: 
/usr/local/directadmin/conf/cacert.pem

/usr/local/directadmin/conf/cakey.pem

/usr/local/directadmin/conf/carootcert.pem

After that I ran the Letsencrypt script for the server again:
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request server.hostname.com 4096

Getting back proper verification of the SSL

Code: 
Setting up certificate for a hostname: server.hostname.com
Getting challenge for server.hostname.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.server.hostname.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for mail.server.hostname.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for ftp.server.hostname.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for pop.server.hostname.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for smtp.server.hostname.com from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for server.hostname.com...
openssl genrsa 4096 > "/usr/local/directadmin/conf/cakey.pem.new"
Generating RSA private key, 4096 bit long modulus
.....................................++
......................................................................................................................................................................++
e is 65537 (0x10001)
DirectAdmin certificate has been setup.
Setting up cert for Exim...
Setting up cert for WWW server...
Setting up cert for FTP server...
The services will be restarted in about 1 minute via the dataskq.
Certificate for server.hostname.com has been created successfully!

Results of curl doesn't change. Still the same problem "curl: (60) SSL certificate problem: self signed certificate in certificate chain."
 
It does the same to me, never needed to investigate why (it doesn't matter to me because is just curl which is complaining).

To chec your SSL Certificate, use this https://www.ssllabs.com/ssltest/ with your server hostname, it should give your a detailet analysis of your SSL status.

Best regards
 
Thanks for the tip, everything seems to be okay according to the test.

On some of my DA servers I get this "curl: (60) SSL certificate problem" problem and on some I don't. Another server that doesn't give this error also has Letsencrypt SSL installed on the server's hostname.
 
I always had that error with curl, no idea why, never honestly looked into it :)

Yep, the test looks perfect :) (nice domain name :D)

Best regards
 
Thanks! :)

I moved the account with Laravel to another server and the problem didn't occur on the other server. The main difference (as far as I can tell) between these two servers is that the server with the problem was installed with a self-signed certificate.

The other server is newer and a self signed certificate has never been installed there. A couple of months ago I installed a Letsencrypt on that server. (where the error occurs)
I immediately installed a Letsencrypt certificate on the newer server where everything works fine. Could it be there are somehow still older certificates on the older server?
 
Reinstalling libcurl-devel doesn't seem to solve this.

I found out that reinstalling cURL with DA solves this issue. Hooray!!1

Code: 
cd /usr/local/directadmin/custombuild
./build update
./build clean
./build curl
 
Sorry for bump but recently got this error:

Code: 
#:/usr/local/directadmin/custombuild# ./build update
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


Temp solution would be to edit file nano $HOME/.curlrc and add / append insecure string to the file.


This occured on Debian 11
 
Try
Code: 
cd /usr/local/directadmin/custombuild
./build set_fastest
./build update
 
You must log in or register to reply here.
Back
Top