My domain is: app.ccgopvt.org
I ran this command: PHP procedure...
$sslCertPath = "/etc/letsencrypt/live/app.ccgopvt.org/fullchain.pem";
$ch = curl_init( $url );
// Assign CAINFO to the specific SSL Cert ONLY IF it is self-authorized.
curl_setopt( $ch, CURLOPT_CAINFO, $sslCertPath);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt( $ch, CURLOPT_HEADER, 1);
curl_setopt( $ch, CURLOPT_CERTINFO, 1);
curl_setopt( $ch, CURLOPT_VERBOSE, 1);
$response = curl_exec($ch);
if ( ! ($response)) {
$errno = curl_errno($ch);
$errstr = curl_error($ch);
$response = "postToURL - CURL error: [$errno] $errstr.";
}
curl_close($ch);
It produced this output:
postToURL - CURL error: [77] error setting certificate verify locations: CAfile: /etc/letsencrypt/live/app.ccgopvt.org/fullchain.pem CApath: /etc/ssl/certs.
My web server is (include version):
Server version: Apache/2.4.25 (Debian)
Server built: 2019-10-13T15:43:54
The operating system my web server runs on is (include version):
Debian GNU/Linux 9 \n \l
My hosting provider, if applicable, is: myself
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 0.28.0
I can run curl directly from the command line for the same URL and I get a valid response. e.g...
$curl https://app.ccgopvt.orgYou have reached the CCGOPVT Admin Demo Pages...
This behavior is specific to my web applications. Things were working, and suddenly they weren't. (Yes, of course something changed. I'm just at a loss for what!) The initial setting of $sslCertPath above was NULL. (That's my default setting on other servers.) But that produced the error. The above tries to assign the LetsEncrypt certificate path, but the result is the same.
The certificate seems to be valid according to the browser. I'm sure I am missing something basic in my understanding of how CURL uses SSL certificates. Somehow, I think this problem has to do with the interaction of the two. I'm hoping someone here can help.
Thanks in advance,
Ron