------Answer below--------
I know many post already talk about this but I've tried everything and I think nothing worked.
I use Google API for connection to a website and after to manage Google drive with API and Google library in PHP.
Pretty simple, I've got an issue with curl error 60, so I've checked curl.se website to get the last cacert.pem.
for those who would have my code, in my connection module, if i delete the verify line :
$client = new Client([
'timeout' => 2.0,
'verify' => __DIR__ . '/cacert.pem'
]);
i got this :
cURL error 60: SSL certificate problem: unable to get local issuer certificate
If i keep the verify, it work.
And my drive manager module :
$client = new Google_Client([
'timeout' => 2.0,
'verify' => __DIR__ . '/cacert.pem'
]);
$client->useApplicationDefaultCredentials();
$client->addScope(Google_Service_Drive::DRIVE);
$driveManager = new Google_Service_Drive($client);
$client->setSubject('api#test.fr');
// Print the names and IDs for up to 10 files.
$optParams = array(
'fields' => 'nextPageToken, files( name)',
'q' => 'folder',
);
$results = $driveManager->files->listFiles($optParams);"
Of course there is require vendor/autoload and putenv blablabla to open my credentials json file before and the printf foreach $results under..
The thing is, with the same cacert.pem verification, since the last update of cacert.pem on curl.se website (aka the 19/01/2021), this module doesn't work at all with the same error!
I'm a new user with Google API and I don't understand everything.
i've finally hosted my app today, to get it online, and it seems to work.
As my host use ssl by let's encrypt, my app dont use the cacert.pem as scpecified just above in the post, but it use the main certificate of my website, which is my host certificate.
When i've tested it, the error seems appear when the app request to : https://oauth2.googleapis.com/token, and it appear just when i've updated to the last cacert.pem file, so i guess there is an error somewhere that is not made by my hand...
I've just started using Zend 2 and it works really well (locally) but I can't get it to pass data via https to another server.
I'm a bit of a noob when it comes to ssl certs and I think this is where the problem lies. I've got a CERT, a Private Key and a CA cert - these are being used for an ssl cert on one of our vhost domains on our server the locations are : -
SSLCertificateFile /usr/local/psa/var/certificates/cert-####
SSLCACertificateFile /usr/local/psa/var/certificates/cert-####
In every example I read they're in '/etc/ssl/certs/ca-bundle.pem'. My question is how to I stick them together to create this .pem file that zend 2 wants? I've tried just creating a .pem file with all the -----BEGIN CERTIFICATE----- the hash/key -----END CERTIFICATE----- in and named it ca-bundle.pem but now Apache throws 'Unable to set verify locations' error at me, how do I get this to work ? Here is a snippet of the code I have for the adapter : -
$adapter = new Zend\Http\Client\Adapter\Socket();
$adapter->setStreamContext(array(
'ssl' => array(
'verify_peer' => true,
'allow_self_signed' => false,
'cafile' => '/usr/local/psa/var/certificates/ca-bundle.pem',
'verify_depth' => 5,
'CN_match' => 'https://www.mydomain.co.uk'
)
));
$client->setAdapter($adapter);
Thanks,
Joe
First this, but I guess you already did that correctly: How to get .pem file from .key and .crt files?
The error Unable to set verify locations is because Apache can't find or read the key.
Solution:
verify the path is correct
make sure the pem file is readable by the www-user Apache runs with
I received the same error when trying to install Composer. The following command corrected the problem for me.
sudo update-ca-certificates
I had installed an SSL certificate on this server following given instructions and it worked for the https connection. It was only when trying to install Composer that I saw the "unable to set verify locations" error. I hope this can save others the hours of research time it cost me!
Sometimes fail to call the web service.
This problem happens all the time.
What could be the problem?
Error:
SoapFault exception: [HTTP] Could not connect to host in
0 [internal function]: SoapClient->__doRequest('<?xml version="...', http://.', '', 1, 0)
The problem was solved.The problem is the cache
ini_set('soap.wsdl_cache_enabled',0);
ini_set('soap.wsdl_cache_ttl',0);
I am adding my comment for completeness, as the solutions listed here did not help me. On PHP 5.6, SoapClient makes the first call to the specified WSDL URL in SoapClient::SoapClient and after connecting to it and receiving the result, it tries to connect to the WSDL specified in the result in:
<soap:address location="http://"/>
And the call fails with error Could not connect to host if the WSDL is different than the one you specified in SoapClient::SoapClient and is unreachable (my case was SoapUI using http://host.local/).
The behaviour in PHP 5.4 is different and it always uses the WSDL in SoapClient::SoapClient.
The host is either down or very slow to respond. If it's slow to respond, you can try increasing the timeout via the connection_timeout option or via the default_socket_timeout setting and see if that reduces the failures.
http://www.php.net/manual/en/soapclient.soapclient.php
http://www.php.net/manual/en/filesystem.configuration.php#ini.default-socket-timeout
You can also include error handling as zanlok pointed out to retry a few times. If you have users actually waiting on these SOAP calls then you'll want to queue them up and process them in the background and notify the user when they're finished.
A misconfigured service leaves the default namespace with tempuri.org
This means the connection to the wsdl will work, but the function call will fail.
Stacktrace:
SoapClient->__doRequest('http://example.com...', 'http://tempuri.org....', 2, 0)
To remediate this, you must explicitly set the location using __setLocation()
$this->soapClient = new \SoapClient(WS_URL);
$this->soapClient->__setLocation(WS_URL);
This work for me
$opts = array(
'ssl' => array('verify_peer' => false, 'verify_peer_name' => false)
);
if (!isset($this->soap_client)) {
$this->soap_client = new SoapClient($this->WSDL, array(
'soap_version' => $this->soap_version,
'location' => $this->URL,
'trace' => 1,
'exceptions' => 0,
'stream_context' => stream_context_create($opts)
));
there is a soap config section in your php.ini file, which control the wsdl access cache, may be shown as:
[soap]
; Enables or disables WSDL caching feature.
soap.wsdl_cache_enabled=1 ;
Sets the directory name where SOAP extension will put cache files.
soap.wsdl_cache_dir="/tmp"
; (time to live) Sets the number of second while cached file will be used ; instead of original one.
soap.wsdl_cache_ttl=86400
if wsdl file cache is enabled, it may cause this problem when changing wsdl URI in php code.
in this example, you can just delete file start with wsdl- under /tmp directory.
or you just set soap.wsdl_cache_enabled=0; and soap.wsdl_cache_ttl=0;
PHP will fetch the wsdl file every-time you visit the page.
In our case, it was a Ciphers negotiation problem. We were getting this error randomly. We solved our problem by forcing a Cipher like this:
$soapClient = new SoapClient ('http://example.com/soap.asmx?wsdl',
array (
"stream_context" => stream_context_create (
array (
'ssl' => array (
'ciphers'=>'AES256-SHA'
)
)
)
)
);
Looks like PHP wasn't negotiating the same Ciphers at each service call.
In my case it worked after the connection to the wsdl, use the function __setLocation() to define the location again because the call fails with the error:
Could not connect to the host
This happens if the WSDL is different to the one specified in SoapClient::SoapClient.
I hit this issue myself and after much digging I eventually found this bug for ubuntu:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
specifically
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/comments/62
openssl s_client -connect site.tld:443 failed however openssl s_client -tls1 -connect site.tld:443 gave success. In my particular case part of the output included
New, TLSv1/SSLv3, Cipher is RC4-MD5 so I set the php context ssl/cipher value appropriately.
It seems the error SoapFault exception: Could not connect to host can be caused be several different things. In my cased it wasn't caused by proxy, firewall or DNS (I actually had a SOAP connection from the same machine working using nusoap without any special setup).
Finally I found that it was caused by an invalid pem file which I referenced in the local_cert option in my SoapClient contructor.
Solution:
When I removed the certificate chain from the pem file, so it only contained certificate and private key, the SOAP calls started going through.
For me it was a certificate problem. Following worked for me
$context = stream_context_create([
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
$client = new SoapClient(null, [
'location' => 'https://...',
'uri' => '...',
'stream_context' => $context
]);
In my case service address in wsdl is wrong.
My wsdl url is.
https://myweb.com:4460/xxx_webservices/services/ABC.ABC?wsdl
But service address in that xml result is.
<soap:address location="http://myweb.com:8080/xxx_webservices/services/ABC.ABC/"/>
I just save that xml to local file and change service address to.
<soap:address location="https://myweb.com:4460/xxx_webservices/services/ABC.ABC/"/>
Good luck.
I finally found the reason,its becuse of the library can't find a CA bundle on your system.
PHP >= v5.6 automatically sets verify_peer to true by default. However, not all systems have a known CA bundle on disk .
You can try one of these procedures:
1.If you have a CA file on your system, set openssl.cafile or curl.cainfo in your php.ini to the path of your CA file.
2.Manually specify your SSL CA file location
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($cHandler, CURLOPT_CAINFO, $path-of-your-ca-file);
3.disabled verify_peer
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
For those who struggled the same as me with laravel artisan console command that makes a lot of requests to same wsdl of external soap server and then after some time fails with Could not connect to host error.
The problem was because I was creating new SoapClient instance each time before request was made. Do not do that. Create it once and make each request from the same client.
Hope it helps.
For me it was a DNS issue. My VPS's nameservers crapped out, so I switched to Google's by editing my /etc/resolv.conf to be:
nameserver 8.8.8.8
nameserver 8.8.4.4
If you have a firewall on your server, make sure to open the port used by SOAP.
In my case, I had to open the port 1664.
iptables -t filter -A INPUT -p tcp --dport 1664 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 1664 -j ACCEPT
if ujava's solution can't help you,you can try to use try/catch to catch this fatal,this works fine on me.
try{
$res = $client->__call('LineStopQueryJson',array('Parameters' => $params));
}catch(SoapFault $e){
print_r($client);
}
With me, this problem in base Address in app.config of WCF service:
When I've used:
<baseAddresses><add baseAddress="http://127.0.0.1:9022/Service/GatewayService"/> </baseAddresses>
it's ok if use .net to connect with public ip or domain.
But when use PHP's SoapClient to connect to "http://[online ip]:9022/Service/GatewayService", it's throw exception "Coulod not connect to host"
I've changed baseAddress to [online ip]:9022 and everything's ok.
Another possible reason for this error is when you are creating and keeping too many connections open.
SoapClient sends the HTTP Header Connection: Keep-Alive by default (through the constructor option keep_alive). But if you create a new SoapClient instance for every call in your queue, this will create and keep-open a new connection everytime. If the calls are executed fast enough, you will eventually run into a limit of 1000 open connections or so and this results in SoapFault: Could not connect to host.
So make sure you create the SoapClient once and reuse it for subsequent calls.
I had a bad php.ini configuration. Verify the path and the certificate validity...
[openssl]
openssl.cafile = "C:/good/phpath/ca-bundle.crt"
Because my new \SoapClient($wsdl) was https !
Just to help other people who encounter this error, the url in <soap:address location="https://some.url"/> had an invalid certificate and caused the error.
For me, this was a problem in the httpd service (Fedora 24). A simple restart did the trick:
sudo service httpd restart
If the connection is through SSL, could be a problem of server instead of client (it is my case).
In PHP versions greater than 5.6 and 7, is important to check the CipherSuite used in server certificate.
There is a full list of ciphers allowed by this versions and a full list of ciphers that do not in this web link: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite
If the cipher used is not allowed (it is a deprecated algorithm), SoapClient receives "Could not connect to host" and there is no more trace about it.
The cipher used can be checked by clients like SoapUI in the section of "SSL Info", for example.
There is no thread forum treating about this in internet.
Check this out, too: http://php.net/manual/en/migration56.openssl.php
In my case the host requires TLS 1.2 so needed to enforce using the crypto_method ssl param.
$client = new SoapClient($wsdl,
array(
'location' => $location,
'keep_alive' => false,
"stream_context" => stream_context_create([
'ssl' => [
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
]
]),
'trace' => 1, // used for debug
)
);
In my case, disabled SELINUX allow PHP to call my WebService.
I run PHP in FPM with Apache2
SELinux status :
# sestatus
Disable SELinux :
setenforce 0
Enable SELinux :
# setenforce 1
Permanent disable :
edit this file /etc/selinux/config
Version check helped me OpenSSL. OpenSSL_1_0_1f not supported TSLv.1_2 !
Check version and compatibility with TSLv.1_2 on github openssl/openssl
. And regenerate your certificate with new openssl
openssl pkcs12 -in path.p12 -out newfile.pem
P.S I don’t know what they were minus, but this solution will really help.
That most likely refers to a connection issue. It could be either that your internet connection was down, or the web service you are trying to use was down. I suggest using this service to see if the web service is online or not: http://downforeveryoneorjustme.com/