This question already has an answer here:
How to enable CurlHttpClient for WAMP in PHP 7.4+?
(1 answer)
Closed last year.
Problem
Following Laracasts tutorial for Laravel 8 (and to be specific: Chapter 58 - Mailchimp API Tinkering, Section 11 - Newsletters and APIs), I ran into an issue which seemed to be pretty common.
After creating a Mailchimp account and using a newly generated API key in Laravel 8, you would test it by Making your first API call, through your web.php file:
Route::get('ping', function (){
$mailchimp = new \MailchimpMarketing\ApiClient();
$mailchimp->setConfig([
'apiKey' => config('services.mailchimp.key'),
'server' => 'us19'
]);
$response = $mailchimp->ping->get();
ddd($response);
});
Unfortunately, when dumping the $response, the following error would show up:
GuzzleHttp\Exception\RequestException
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
for https://us20.api.mailchimp.com/3.0/ping
My Stack
I'm using Laravel 8.79.0 and WampServer 3.2.6
(with Apache 2.4.51, MySQL 8.0.27, PHP 8.0.13, PHPMyAdmin 5.1.1).
Solution
To solve this error, I first downloaded the cacert.pem certificate.
I placed it into a directory in my Wamp installation (in my case, I placed it in: C:\wamp64\bin\php\php8.0.13\extras\ssl).
Next, in the php.ini file of my PHP installation (in Wamp you can find it by left clicking the icon->PHP->php.ini), I looked for curl.cainfo = which was commented out with a ;.
I un-commented that line and set the value equal the absolute path to the cacert.pem file, so in my case the line was now: curl.cainfo = C:\wamp64\bin\php\php8.0.13\extras\ssl\cacert.pem.
Finally, I Restarted All Services in WampServer and visited the page again. The API responded nicely with:
{#804 ▼
+"health_status": "Everything's Chimpy!"
}
:)
I'm currently setting up amazon s3 on my laravel setup (first time doing anything with AWS), and I've run into a bit of a snag. For reference, I'm using XAMPP v.3.2.2 and PHP 7.0.5. Maybe someone can tell me where I went wrong.
First, I added these to my composer.json file:
"require": {
"graham-campbell/flysystem": "^3.0",
"league/flysystem-aws-s3-v3": "^1.0"
},
and ran a composer update.
Next, I added this to my filesystems.php file:
's3' => [
'driver' => 's3',
'key' => 'A--------edited out for stackoverflow-------WA',
'secret' => 'h-------------edited out for stackoverflow-------------B',
'region' => 'us-east-1',
'bucket' => 'commendmeus',
],
and finally I tried doing a test to make sure everything worked. In my routes file I added:
use Illuminate\Support\Facades\Storage;
get('test', function () {
echo 123;
$s3 = Storage::disk('s3');
$s3->put('myfile.txt', 'test file', 'public');
});
Unfortunately, I ran into an error:
S3Exception in WrappedHttpHandler.php line 192: Error executing
"ListObjects" on
"https://s3.amazonaws.com/commendmeus?prefix=myfile.txt%2F&max-keys=1&encoding-type=url";
AWS HTTP error: cURL error 60: SSL certificate problem: unable to get
local issuer certificate (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Here is a screenshot for reference:
I know nothing of SSL, and while I've seen errors similar to mine on stackoverflow, it might as well be like reading chinese to me. Could anyone help me out with what the proper course of action would be?
This problem is usually caused by cacert.pem missing from your PHP setup.
1) Download cacert.pem from https://curl.haxx.se/ca/cacert.pem
2) Copy cacert.pem to your PHP directory (or any location).
3) Modify your php.ini to include lines similar to these. Note: the path must be absolute and correct for your system (Windows use C:\path\cacert.pem for example):
curl.cainfo=/path/cacert.pem
openssl.cafile=/path/cacert.pem
Please avoid using localhost, try to name your local domain using, hostname, and get a certificate (ssl) and should work just fine:
Example:
https://local.dev
Full Error
RequestException in CurlFactory.php line 187: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Scenario
Before anyone points me to these two laracasts answers: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate
https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/52954
I've already looked at them and that's why I'm here.
The problem I have is that now I have the cacert.pem file BUT it doesn't make sense where to put it, the answers indicate to place the file in my xampp directory and change my php.ini file but I'm not using xampp for anything, I'm using Laravel's artisan server to run my project.
If xampp is not in use, where should I place this file? Moreover, why would an accepted answer be to place it in my xampp directory? I dont understand.
My Exact Question
Where do I place the cacert.pem file to stop this error in laravel 5.4?
Do not ever modify files in the vendor/ folder. Ever. They can and will be overwritten on the next composer update you run.
Here is my Solution for WampServer
I am using PHP 7.1.9 for my WampServer, so change 7.1.9 in the example below to the version number you are currently using.
Download this file: http://curl.haxx.se/ca/cacert.pem
Place this file in the C:\wamp64\bin\php\php7.1.9 folder
Open php.iniand find this line:
;curl.cainfo
Change it to:
curl.cainfo = "C:\wamp64\bin\php\php7.1.9\cacert.pem"
Make sure you remove the semicolon at the beginning of the line.
Save changes to php.ini, restart WampServer, and you're good to go!
A quick solution but insecure (not recommended).
Using cURL:
Set CURLOPT_SSL_VERIYPEER to false
Using Guzzle: Set verify to false, for example
$client->request('GET', 'https://somewebsite.com', ['verify' => false]);
You can use GuzzleHttp\Client:
$client = new Client(['verify' => false]);
Solution suggested by some users to make changes to \vendor\guzzlehttp\guzzle\src\Client.php file is the worst advice, as manual changes made to vendor folder are overwritten if you run composer update command.
Solution suggested by Jeffrey is a dirty, shorthand fix but not recommended in production applications.
Solution suggested by kjdion84 is perfect if you have access to php.ini file on web server. In case you are using Shared Hosting, it may not be possible to edit php.ini file.
When you don't have access to php.ini file (e.g. Shared Hosting)
Download this file: http://curl.haxx.se/ca/cacert.pem or https://curl.se/docs/caextract.html
Place this file in the root folder of your Laravel project.
Add verify key to GuzzleHttp\Client constructor with its value as path to cacert.pem file.
With Laravel 5.7 and GuzzleHttp 6.0
// https://example.com/v1/current.json?key1=value1&key2=value2
$guzzleClient = new GuzzleHttp\Client([
'base_uri' => 'https://example.com',
'verify' => base_path('cacert.pem'),
]);
$response = $guzzleClient->get('v1/current.json', [
'query' => [
'key1' => 'value1',
'key2' => 'value2',
]
]);
$response = json_decode($response->getBody()->getContents(), true);
This was stressfull to figure out but here is the exact answer for people using laravel and have this problem.
My exact application versions are...
Laravel: 5.4
Guzzlehttp: 6.2
Laravel Socialite: 3.0
Download a fresh copy of this curl certificate from this link: https://gist.github.com/VersatilityWerks/5719158/download
Save the file in this path starting from the base root of your laravel application vendor/guzzlehttp/guzzle/src/cacert.pem
next in that same directory open up RequestOptions.php and scroll down to the constant called CERT and change it to this const CERT = 'cacert.pem'; and this should fix it all.
EDIT
As people are pointing out you should never edit the vendor folder, this was just a quick fix for an application I was building in my spare time. It wasn't anything majorly important like an application for my company or anything, use this method at your own risk! Please check out the other answers if you need something more concrete.
I was sending a request from domain X to Y, my problem was with the certificate used on the domain Y (it wasn't a self-signed cert btw), the domain belonged to me & I had the certificate, so the quick fix was to use the domain Y's certificate on domain X's application:
On domain X:
Using Laravel 7 HTTP wrapper:
\Http::withOptions(['verify' => 'path-to-domain-Y-certificate']);
Using guzzle:
new GuzzleHttp\Client(['verify' => 'path-to-domain-Y-certificate']);
OR you could just contact your SSL provider to resolve the issue.
Note: Storing your domain's certificate in another system isn't a secure method, use this method only if you can ensure your certificate's security.
I haven't found what was wrong with the certificate, no browser seemed to have a problem with it, the only problem was generated on laravel using curl.
I had this problem while running Valet and attempting to make an api from one site in valet to another.
Note that i'm working in OSX.
I found the solution here: https://github.com/laravel/valet/issues/460
In short you have to copy the valet pem to the system CA bundle.
Just run this:
cp /usr/local/etc/openssl/cert.pem /usr/local/etc/openssl/cert.pem.bak && cat ~/.config/valet/CA/LaravelValetCASelfSigned.pem >> /usr/local/etc/openssl/cert.pem
I use laragon server and I faced to the same problem. I downloaded ssl certificate from http://curl.haxx.se/ca/cacert.pem and paste it in C:/laragon/etc/ssl/
(if cacert.pem already exists replace it with new one).
restart server and everything is fine
We can set path based on this article on Medium.com How to fix cURL error 60: SSL certificate problem
Steps to follow:
Open http://curl.haxx.se/ca/cacert.pem
Copy the entire page and save it as a “cacert.pem”
Open your php.ini file and insert or update the following line. curl.cainfo = " [pathtofile]cacert.pem"
Another one recently asked for the same problem and it's seems my answer was the solution for him.
Here was the post I mention : URL Post
That's what I said :
I'll be fully honest, I don't know anything about Laravel. But I had
the same problem, so as many other, on Symfony. And so as you I tried
many things without success.
Finally, this solution worked for me : URL solution
It indicates that instead of a certificate problem, it could came
from a environnement non-compatibility. I used XAMPP instead of
WAMP and it worked.
Solved it on my end by disabling verify completely when on debug setting since in this local scenario security is not an issue at all.
$http = new \GuzzleHttp\Client([
'base_uri' => config('services.passport.login_endpoint'),
'verify' => config('app.debug') ? false : true,
'defaults' => [
'exceptions' => false,
]
]);
curl.cainfo = "C:\wamp64\bin\php\php7.1.9\cacert.pem"
I had resolved my problem with wamp.
This happened to me in development with laravel 8 using the default server started by running:
php artisan serve
The solution for me was similar to other answers that require you to download cacert.pem and edit php.ini file. But since I was not using Wamp, I checked the path in my environment variables to find which php installation windows defaulted to and made the changes there.
For php version ^8.1 in wampserver
Download--> https://curl.se/ca/cacert.pem.
Place the cacert.pem file inside C:\wamp64\bin\php\php8.1.0.
Open php.ini and find this line:
;curl.cainfo
Change it to:
curl.cainfo = "C:\wamp64\bin\php\php8.1.0\cacert.pem"
Make sure you remove the semicolon at the beginning of the line.
Save changes to php.ini, restart WampServer64, and you're good to go!
You need to edit the following file in vendor/guzzlehttp/guzzle/src/Client.php
$defaults = [
'allow_redirects' => RedirectMiddleware::$defaultSettings,
'http_errors' => true,
'decode_content' => true,
'verify' => false, // By default this value will be true
'cookies' => false
];
May be security issue was there, but it will work.
for Laravel: The 5 steps below will be helpful
update version to Guzzlehttp: 5.2
find the file under \vendor\guzzlehttp\guzzle\src\Client.php
edit default settings to
protected function getDefaultOptions() {
$settings = [
'allow_redirects' => true,
'exceptions' => true,
'decode_content' => true,
'verify' => getcwd() .'/vendor/guzzlehttp/guzzle/src/cacert.pem'
];
}
download latest file cacert.pem from http://curl.haxx.se/ca/cacert.pem and place under /vendor/guzzlehttp/guzzle/src/
I'm getting an error RequestException in CurlFactory.php line 187:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see curl.haxx.se/libcurl/c/libcurl-errors.html) when trying to login with socialite facebook. This is the tutorial I followed http://blog.damirmiladinov.com/laravel/laravel-5.2-socialite-facebook-login.html#.V2K-ersrLIV .
This is my controller:
public function redirect()
{
return Socialite::driver('facebook')->redirect();
}
public function callback()
{
// when facebook call us a with token
$providerUser = \Socialite::driver('facebook')->user();
}
From my research I found out the error is as a result ofthe version of guzzlehttp/guzzle.I tried the solutions provided in these links but it didn't work for me. Laravel Socialite testing on localhost, SSL certificate issue? and https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/52954. Kindly help.
For those that still need a solution, here it is.
$providerUser = \Socialite::driver('facebook')
->setHttpClient(new \GuzzleHttp\Client(['verify' => false]))
->user();
Note the ['verify' => false], this disables the SSL certificate verification check done by the Guzzle HTTP client which is used by Socialite. It might also be a good idea to export this into the configuration as a setting.
After struggling for almost one month I have been able to solve my problem.
The problem was with Cacert.pem file which was missing in my php folder in xampp directory.
I downloaded new carcet.pem from https://curl.haxx.se/ca/cacert.pem and saved it as carcet.pem.txt in my php folder inside the xampp directory. I then opened php.ini file inside php folder and changed
;curl.cainfo= to
curl.cainfo="C:\xampp\php\cacert.pem.txt". Do not forget the .txt extension and also don't forget to restart your xampp.
That solved the problem for me. You can also read more about this error here Laravel 5 Socialite - cURL error 77: error setting certificate verify locations. Here is a link to the tutorial I followed to implement Facebook Socialite Login http://blog.sarav.co/integrating-socialite-in-laravel-5-2/.Hope this helps someone.
I did it with the cacert.pem +
php artisan generate:key
I have a weird issue going on with sending emails in Laravel.
I use Mailgun and can send emails fine when users register and everything like that.
I'm beginning to play around with scheduling commands and have created a custom artisan command to get some records and send some emails for these.
However when I run this command I get an error:
cURL error 60: SSL certificate problem: unable to get local issuer
certificate
I have set up a cacert.pem locally and linked this successfully in my php.ini file which is how I am able to send emails normally.
I don't understand why my command cannot send emails when I can send them just fine inside a controller.
This is the code I am using for the command:
$reminders = Reminder::where('utcReminderDate' , '<=', \Carbon\Carbon::now()->format('Y-m-d H:i'))->get();
foreach($reminders as $reminder)
{
Mail::send('emails.test', [], function($message) {
$message->to('me#example.com', 'Joe Bloggs');
$message->subject('A reminder for you');
});
}
I'm wanting to get all the reminders that need to be sent and loop through them to send them out.
When I run the command to test it via command line, it spits out the error above.
Any help getting the emails to send would be hugely appreciated. I use WAMP if that makes a difference.
You can either modify the vendor folder GuzzleHttp\Client change verify key to false from configureDefaults method as I did in my local machine
or
You can read this conversation in Laracasts and try downloading the .pem files in some of the comments.
Here are some links:
.pem File Download
After that you should edit your php.ini file accordingly:
curl.cainfo = "[pathtothisfile]\cacert.pem"
PS: I would just edit the vendor file, because it's much faster and not hard to realize.
Apparently PHP may load a different php.ini file when it is accessed from the CLI. See here.
Copying my php.ini file into C:\windows solved the issue.
Use this code:
$this->client = new GuzzleClient(['defaults' => [
'verify' => false
]]);
This works for me.