http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.

vergil
So i have a few sites setup on my nginx web server and my ssl has been
working fine.

Problem is iam getting a curl ssl error and iam not sure why?

The error is as follows http_request_failed - cURL error 60: SSL certificate
problem: unable to get local issuer certificate.

I never gotten any ssl errors before, besides this time when i went to
import demo data on a wordpress site?

I need help as i need to get this site up by Friday.

Here is my current nginx ssl configuration file

server {
        listen 80;
       
       
       
        root /tmp/ewtwtertert;
        index index.html index.htm index.nginx-debian.html index.php;
        server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;

        location / {
                rewrite .* https://www.dfwelectronicsrecycling.com/$1;
        }
}

server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt;
        ssl_certificate_key /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 10m;
        ssl_session_cache shared:SSL:10m;
        ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128
kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW
!kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
       
        root /var/www/dfwelectronicsrecycling.com/public_html;
        index index.html index.htm index.php;
        server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
       
        location / {
                try_files $uri $uri/ /index.php?$args;
        }
       
        ##### Include , Security and configuration files
# include /etc/nginx/sites-conf/dfwelectronicsrecycling.com/*;

       
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/var/run/php-fpm.socket;
        }
       
       
       
       
        location = /.well-known/pki-validation {
    types {}
    default_type text/html;
}

       
       
       
       
}




Here is my nginx configuration file.
user nginx nginx;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;


# BEGIN W3TC Page Cache cache
# END W3TC Page Cache cache

events {
        use epoll;
        worker_connections 1024;
        multi_accept on;
}



http {



        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 15;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        client_max_body_size 120M;
        client_body_buffer_size 1M;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log warn;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript
text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##
       
       
       
       
                # included custom scripts
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        # error because this is in http {} directive. for redirecting you need in
server {} directive
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288085#msg-288085

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.

Thomas Ward

How did you generate your certificate at /etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt ?

Is it a self-signed certificate or generated by LetsEncrypt or some other mechanism?  IF it's self-signed this is Normal Behavior, you can override it with the `-k` flag/argument to Curl.  If it's from a legitimate SSL provider then you aren't serving the certificate chain too.


Thomas


On 5/21/20 1:27 PM, finalturismo wrote:
So i have a few sites setup on my nginx web server and my ssl has been
working fine.

Problem is iam getting a curl ssl error and iam not sure why?

The error is as follows http_request_failed - cURL error 60: SSL certificate
problem: unable to get local issuer certificate.

I never gotten any ssl errors before, besides this time when i went to
import demo data on a wordpress site?

I need help as i need to get this site up by Friday. 

Here is my current nginx ssl configuration file 

server {
	listen 80;
	
	
	
	root /tmp/ewtwtertert;
	index index.html index.htm index.nginx-debian.html index.php; 
	server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;

	location / {
		rewrite .* https://www.dfwelectronicsrecycling.com/$1;
	}
}

server {
	listen 443 ssl;
	ssl_certificate			/etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.crt;
	ssl_certificate_key		/etc/nginx/ssl/dfwelectronicsrecycling.com/dfwelectronicsrecycling.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 10m;
	ssl_session_cache shared:SSL:10m;
	ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128
kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW
!kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
	
	root /var/www/dfwelectronicsrecycling.com/public_html;
	index index.html index.htm index.php;
	server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
	
	location / {
		try_files $uri $uri/ /index.php?$args;
	}
	
	##### Include , Security and configuration files	
#	include /etc/nginx/sites-conf/dfwelectronicsrecycling.com/*;	

	
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/var/run/php-fpm.socket;
	}
	
	
	
	
	location = /.well-known/pki-validation {
    types {}
    default_type text/html;
}

	
	
	
	
}




Here is my nginx configuration file.
user nginx nginx;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;


# BEGIN W3TC Page Cache cache
# END W3TC Page Cache cache

events {
	use epoll;
	worker_connections 1024;
	multi_accept on;
}



http {



	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 15;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;
	client_max_body_size 120M;
	client_body_buffer_size 1M;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log warn;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript
text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##
	
	
	
	
		# included custom scripts
	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

	# error because this is in http {} directive. for redirecting you need in
server {} directive
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288085#msg-288085

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.

J.R.
In reply to this post by vergil
Your certificate chain is incomplete, and curl is complaining...

https://www.ssllabs.com/ssltest/analyze.html?d=www.dfwelectronicsrecycling.com&hideResults=on

You should add the Sectigo RSA Domain Validation Secure Server CA to
your cert file, then it will probably be happy...
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.

J.R.
In reply to this post by vergil
> location / {
>   rewrite .* https://www.dfwelectronicsrecycling.com/$1;
> }

Don't do that...

The correct way when you want to redirect http to https would be:

server {
   listen 80;
   server_name dfwelectronicsrecycling.com www.dfwelectronicsrecycling.com;
   access_log   off;

   return 301 https://www.dfwelectronicsrecycling.com$request_uri;
}
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.

vergil
In reply to this post by J.R.
How do i go about doing this?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288089#msg-288089

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: http_request_failed - cURL error 60: SSL certificate problem: unable to get local issuer certificate.

vergil
In reply to this post by J.R.
I know the correct way as you are saying but i have an extremely secure
wordpress setup and most files are not in the public_html folder, there is a
specific reason me and my friend did this.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288085,288090#msg-288090

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx