I'm trying to get composer to work on a remote Windows-machine which is using a proxy, but I always get this error when doing a composer install/update:
[Composer\Downloader\TransportException] curl error 60 while
downloading https://flex.symfony.com/versions.json: SSL certificate
problem: unable to get local issuer certificate
This is my composer.bat:
#echo OFF
:: in case DelayedExpansion is on and a path contains !
setlocal DISABLEDELAYEDEXPANSION
set HTTP_PROXY=<proxyurl>
php "%~dp0composer.phar" %*
Obviously setting the proxy is needed, if I delete the line, the error becomes this:
[Composer\Downloader\TransportException] curl error 28 while
downloading https://flex.symfony.com/versions.json: Operation timed
out after 10000 milliseconds with 0 out of 0 bytes received
composer diag gives me this (with the proxy set):
Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking HTTP proxy: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.0.9
PHP version: 7.4.7
PHP binary path: C:\Program Files\PHP\current\php.exe
OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020
cURL version: 7.69.1 libz 1.2.11 ssl OpenSSL/1.1.1g
zip: extension present, unzip not available
I've been through a lot of posts and tutorials, but none of the answers work for me. (Some are just about curl and it's options to switch off the cert-check but that doesn't work for composer). Here's what I have tried:
Downloaded cacert.pem from http://curl.haxx.se/ca/cacert.pem or https://curl.se/docs/caextract.html (no copy&paste as some said editing the file would corrupt it - however that's supposed to happen)
saved the file locally
activated openssl in php.ini
edited php.ini and added the path of the cert-file for "curl.cainfo" as well as "openssl.cafile" (according to some posts that makes a difference, so I tried both), used the full path and quotes, like this: curl.cainfo="C:\Program Files\PHP\cacert.pem"
moved the pem-file to different directories to make sure no Windows-permissions would make it inaccessible (I also set the file and it's directory to be accessible by all users just to make sure)
used php -r "print_r(openssl_get_cert_locations());" to find out the default certfile-location (it's "C:\Program Files\Common Files\SSL"), also saved the cert-file there
All of this did not work, the error remains the same.
Then I found a post which set a repository in composer.json and explicitely set the certfile for that repo, so I also tried it and added this to my composer.json:
{
"repositories": [{
"type": "composer",
"url": "https://flex.symfony.com",
"options" : {
"ssl" : {
"cafile" : "cacert.pem"
}
}
}]
}
The file "cacert.pem" is in the same directory as my composer.json, now the error is this:
[Composer\Downloader\TransportException] The
"https://flex.symfony.com/packages.json" file could not be downloaded
(HTTP/2 404 )
which is not that surprising, as trying to access "https://flex.symfony.com/packages.json" via a browser also gives me a 404. (Don't know if it makes a difference that all at a sudden "packages.json" couldn't be loaded while the cert-error complained about "versions.json", have no idea which is loaded first and if this error is a "good" sign.)
This trial-and-error journey has been going on for days, I'm out of ideas, so any help is appreciated!
i have no idea if your problem is the same as the problem i just got. but i solved it by executing this in cmd:
composer config -g -- disable-tls false
i'm using wamp anyway.
Further research led me to the proxy, which is ZScaler, being the problem. As stated in this post, ZScaler intercepts SSL traffic and re-encrypts it with its own certificate which is not trusted, so Composer (or any other program accessing sites via https) will complain with the above error that it's "unable to get local issuer certificate".
So the solution must be to get the "ZScaler Intermediate Root CA" to be trusted on the server. (Which I can't do myself due to company policy, but anyone looking for a solution to the above problem probably has another hint now what to do.)
after using the composer config -g secure-http false and clear my composer cache using composer clearcache solved my problem, with WAMP server.
If you use a symfony/flex older than 1.17.1:
composer show symfony/flex
then you need to update it with:
composer update symfony/flex --no-plugins --no-scripts
Source
Linux
(Paths in this guide will assume a default Linux installation on Ubuntu 18.04 LTS, but it will be similar for other distros.)
Download the latest CA bundle extract from curl.se
wget https://curl.se/ca/cacert.pem -O /etc/ssl/certs/cacert.pem --no-check-certificate
Edit your php.ini file.
For Ubuntu 18.04, there are 2 php.ini files which need to be modified in the following locations:
/etc/php//cli/php.ini
/etc/php//fpm/php.ini
Replace the with the version of PHP you’re using, so for PHP 7.4, the path will be /etc/php/7.4/…
In these files, you need to either modify or add the curl.cainfo and openssl.cafile parameters with the path to the new CA bundle:
[curl]
curl.cainfo = /etc/ssl/certs/cacert.pem
[openssl]
openssl.cafile = /etc/ssl/certs/cacert.pem
(only add the parameter if it does not already exist in your php.ini file. Duplicate parameters can prevent PHP from running correctly)
Restart your php-fpm to load the new settings.
systemctl restart php-fpm
Replace the with the version of PHP you’re using, so for PHP 7.4, the command will be systemctl restart php7.4-fpm
DONE!
source: (https://support.deskpro.com/is/kb/articles/how-to-update-curl-trusted-root-certificates)
Yes sometime the issue encounter if system is not connected to Zscaler which is installed by company for security. Connect with Zscaler and re run the command. The issue will get resolved.
https://asset-packagist.org could not be fully loaded (curl error 60
while downloading https://asset-packagist.org/packages.json: SSL
certificate problem: certificate has expired), package information was
loaded from the local cache and may be out of date
I am facing this Issue while composer install on Yii2 Project Operating System Windows and Wamp
I update the Certificate using this Video SSL certificate on Wamp
Still facing same issue at last I update the composer using command composer self-update Everything works fine I update composer version from 2.1.8 to 2.2.7
Update keys using:
composer self-update --update-keys
Then follow the instructions (copy and paste the key from https://composer.github.io/pubkeys.html)
Even this an old question and has many answers I found myself that none of them worked for me. In my case I've a local development environment using Docker, so using some sort of OS-hack would not work since is not persistent and furthermost cannot be passed down to any of my teammates (yes I know I could have my own image but does not worth the effort). The issue was raised while using the assets-packagist repository.
I solve this using this post, and for that I downloaded the cacert.pem at my project root dir and bound it to my container and set the repository as follows:
"assets": {
"type": "composer",
"url": "https://asset-packagist.org",
"options": {
"ssl": {
"verify_peer": true,
"allow_self_signed": true,
"cafile": "/var/www/html/cacert.pem"
}
}
}
This way any composer command work and trust in the registry certificate.
It seems you made the mistake of going on the wrong path
If you are using PHP version php7.4.21
CORRECT : Applications/MAMP/bin/php/php7.4.21
WRONG : Applications/MAMP/config/php7.4.21
I am trying to use Composer to install dependancies inside a Docker container running PHP 5.6.40.
It runs, but quits and the vendor directory is always empty.
MacBook:my-app dev$ docker exec my-app_php56_1 php -d memory_limit=-1 composer.phar update -vvv --no-cache --no-plugins
Disabling cache usage
Running 1.9.0 (2019-08-02 20:55:32) with PHP 5.6.40 on Linux / 4.9.184-linuxkit
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Reading ./composer.json
Loading config file ./composer.json
Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
Executing command (/var/www/html): git branch --no-color --no-abbrev -v
Reading /root/.composer/composer.json
Loading config file /root/.composer/composer.json
Loading composer repositories with package information
Downloading https://repo.packagist.org/packages.json
Updating dependencies (including require-dev)
Downloading http://repo.packagist.org/p/provider-2013%24b962a943715f142bd3c36c0e87b67b28b16c014a98898622ec735220b7e1ee4f.json
Downloading http://repo.packagist.org/p/provider-2014%24ecc1513d9762efcfd48fdbaf4a08f829a59093064f40b7c351f93f3fbdd07973.json
Downloading http://repo.packagist.org/p/provider-2015%24258303eff7165b17439353fe44e501a3a6d600bd5b5482c5261a2ffa2234a947.json
Downloading http://repo.packagist.org/p/provider-2016%2496e2313b5ba90c2b798b03f9e306a27c15f11f763cd6478b834943fc128fc111.json
Downloading http://repo.packagist.org/p/provider-2017%24d2ad294ebaf381b7bf68cacbe514cf2bb33c3a919b97319bfa2e2ffaa66bc511.json
Downloading http://repo.packagist.org/p/provider-2018%2466893d07acdb18bb12d5e92e062b6e3058f5d284292b09cf585bf0ceb1b26aca.json
Downloading http://repo.packagist.org/p/provider-2018-10%24ff53e18093ae3e52a84c5567489c78bf1d82d0af80f413c3d6ad35d541a28434.json
Downloading http://repo.packagist.org/p/provider-2019-01%2431194ef7551ee4bffd7cc09dd6d01dc60848afc129544438ac7931e9d42dd54e.json
...
Downloading http://repo.packagist.org/p/phpspec/phpspec%248dc959bd0ae544f84e5bceee933d9a61d0a2074b208c3b7e7807cdc320e83eee.json
Downloading http://repo.packagist.org/p/phpspec/php-diff%249b8687b7c99f069823a9ac8d17900f9c8243368ceea9a5ac4e71ab424bb6f2d5.json
Downloading http://repo.packagist.org/p/squizlabs/php_codesniffer%24386b3726c6c3ce5edde180a7881f924be5dfd720c951dc93db8455ae871e9d61.json
MacBook:my-app dev$
It then just returns nothing and the vendor directory remains empty.
I am running composer without any plugins or cache.
Finally, the exact same composer.json file works fine in my other PHP 7.1.x container.
I also wondered if the final dependancies was causing an issue so tried removing it. Still no luck.
EDIT:
I've now gone back to my PHP 7.1 container and run the exact same scripts and it works fine. Composer's output is (so the 5.6 version just dies at the point that it does the "Resolving dependencies through SAT":
...
Downloading http://repo.packagist.org/p/webmozart/assert%24f23cf2d90bee4a1a09dc1d005896d60e715bdb9ecd4531874bfc3dd3ea5908c1.json
Downloading http://repo.packagist.org/p/phpspec/phpspec%248dc959bd0ae544f84e5bceee933d9a61d0a2074b208c3b7e7807cdc320e83eee.json
Downloading http://repo.packagist.org/p/phpspec/php-diff%249b8687b7c99f069823a9ac8d17900f9c8243368ceea9a5ac4e71ab424bb6f2d5.json
Downloading http://repo.packagist.org/p/squizlabs/php_codesniffer%24386b3726c6c3ce5edde180a7881f924be5dfd720c951dc93db8455ae871e9d61.json
Resolving dependencies through SAT
Looking at all rules.
Something\'s changed, looking at all rules again (pass #16)
Dependency resolution completed in 28.879 seconds
Analyzed 21713 packages to resolve dependencies
Analyzed 1376894 rules to resolve dependencies
Resolving dependencies through SAT
Looking at all rules.
Dependency resolution completed in 0.003 seconds
Package operations: 116 installs, 0 updates, 0 removals
Installs: kylekatarnls/update-helper:1.2.0, stripe/stripe-php:v2.3.0, abraham/twitteroauth:0.6.6, ralouphie/getallheaders:3.0.3, psr/http-message:1.0.1, guzzlehttp/psr7:1.6.1, guzzlehttp/promises:v1.3.1, guzzlehttp/guzzle:6.0.2, maknz/slack:1.7.0, maknz/slack-laravel:1.0.0, sabberworm/php-css-parser:8.1.0, phenx/php-svg-lib:v0.3.2, phenx/php-font-lib:0.5.1, dompdf/dompdf:v0.8.3, vlucas/phpdotenv:v1.1.1
...
etc for everything else
From the output of your run, it seems your composer setup is using http rather than https. Run this command before installing composer:
composer config -g repo.packagist composer https://packagist.org
This question is getting a little old now so I assume you already resolved it. I had the same problem recently.
The problem appears to stem from the change of PHP version. In my case I was going from 7.1 to 7.2, which you would imagine shouldn't cause too much of an issue.
My composer update -vvv --no-cache --no-plugins output would show
Resolving dependencies through SAT
Looking at all rules.
Something's changed, looking at all rules again (pass #[forever increasing])
After attempting to install symfony/thanks
In the end I had to remove symfony/thanks from my composer.json and run again. It then gave me some problems with a few other packages that I also removed. Once I had a successful run I was then able to start adding the offending packages back to my composer.json and eventually the issue was resolved.
I assume the underlying issue was a number of conflicts in the various levels of dependencies of my packages.
I guess if anyone finds they end up removing more and more packages, the solution would be to start from the minimum possible packages (the default Laravel composer.json in my case) and start adding new packages one-by-one.
I am getting a TransportException when I run composer update on Ubuntu using a fresh install of Laravel Forge.
forge#trust-dale-production-V2:~/default$ composer update
> php artisan clear-compiled
Loading composer repositories with package information
[Composer\Downloader\TransportException]
The "https://api.github.com/repos/amcardwell/trust-dale" file could not be downloaded (HTTP/1.1 404 Not Found)
I am able to run a composer install... and I can use git connect to my git repo and push/pull. Here is an output of composer diag:
forge#trust-dale-production-V2:~/default$ composer diag
Checking composer.json: WARNING
require.yangqi/htmldom : unbound version constraints (dev-master) should be avoided
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: FAIL
Missing pubkey for tags verification
Missing pubkey for dev verification
Run composer self-update --update-keys to set them up
Checking composer version: OK
Why am I getting this error?
I figured it out. I didnt have a github oauth token linked yet. Thanks :)
Hi guys when I install laravel framework with composer I have two errors. How can I solve this? Thanks in advance !
composer global require "laravel/installer=~1.1"
Errors :
[RuntimeException]
Could not load package laravel/framework in http://packagist.org:
[UnexpectedValueException]
Could not parse version constraint ^1.0.4: Invalid version string "^1.0.4"
..
[UnexpectedValueException]
Could not parse version constraint ^1.0.4: Invalid version string "^1.0.4"
**
**Edited :**
composer diagnose
Checking composer.json: FAIL
name : The property name is required
description : The property description is required
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking composer version: OK
**
Use below command to install a new laravel project of a specific version
composer create-project laravel/laravel your_project_name 4.2.*
here 4.2.* is the version
Edit:
Update your composer.
You can use below command:
composer self-update
and then create project like this:
composer create-project laravel/laravel {you-project-name} 4.2 --prefer-dist
i'm trying to get composer to work on our server but i keep getting issues trying to install/update repositories.
I have configured the environment variables correctly to achieve all this:
http_proxy=http://fastweb.int.bell.ca:8083/
ftp_proxy=ftp://fastweb.int.bell.ca:8083/
HTTP_PROXY_REQUEST_FULLURI=false
I have also forced my composer to use HTTPS protocol only using the configuration directive:
"config": {
"github-protocols": ["https"]
}
We tried to update the ca_bundle following the post SSL certificate rejected trying to access GitHub over HTTPS behind firewall by setting the GIT_SSL_NO_VERIFY or updating the ca-bundle.crt in /etc/pki/tls/certs...
Nothing seems to work!
Here's the output, it does it for all packages, i tried with and without --prefer-source just to see if it would help, still nothing...
./composer.phar update Loading composer repositories with package
information Updating dependencies (including require-dev)
- Updating crazycodr/data-transform (dev-master 11f8499 => 2.0.2)
Checking out 11f8499d0027468705fca72ab67acfbf8ee2e6be
[RuntimeException] Failed to clone
https://github.com/crazycodr/data-transform.git via git, https and
http protocols, aborting.
- https://github.com/crazycodr/data-transform.git
fatal: https://github.com/crazycodr/data-transform.git/info/refs?service=git-upload-pack not found: did you run git update-server-info on the server?
I confirm being able to clone/pull/push a GitHub repo behind a firewall.
And you do need https_proxy in addition of http_proxy:
set http_proxy=http://<login_internet>:<password_internet>#aproxy:aport
set https_proxy=http://<login_internet>:<password_internet>#aproxy:aport
set no_proxy=.company
(the no_proxy part is there to avoid using the proxy for internal url, internal to the company)