Composer/Packagist: Peer's Certificate issuer is not recognized


#1

Hi, I have a gitlab server with certificates from letsencrypt. Now I want to add a package to packagist.org and got by providing the https-url to gitlab the error message above: Peer’s Certificate issuer is not recognized.

I get the same error message by running the command “composer update”.

How can I fix this?

Also posted here: http://serverfault.com/questions/772758/gitlab-ssl-configuration-certificate-verification-failed


#2

Use SSL Labs to check your site for certificate chain issues. Browsers often work around those issues when you’ve previously visited a site using Let’s Encrypt (which puts the intermediate certificate in your cache), but Packagist probably doesn’t do that. If you’re using the official client, make sure you’re using fullchain.pem or chain.pem somewhere in your web server configuration, and not just cert.pem. (With recent versions of nginx and apache, it should probably be fullchain.pem.)

If there are no chain issues, it’s possible that the root certificate Let’s Encrypt uses isn’t included in Packagist CA file. If that’s the case, there’s not much you can do on your end, other than asking them to add the DST X3 root certificate to their trust store.


#3

Ah, ok I have used cert.pem. After changing to fullchain.pem it works!