What means "SSL certificate problem: unable to get local issuer certificate"

Hello,
I am trying to implement the LEscript.php library (https://github.com/analogic/lescript) on our server to automate the renewal process. When running the script for any domain, I receive the above named error message, but as I am pretty new to LE, I not really understand where to look for the solution.
Maybe someone can get me some advice? What does this message exactly mean, and what should be done to solve it?

Additional info:
I manually created a first certificate (for a different domain) using the https://gethttpsforfree.com/ website (this worked very well!!!), so I belief LE should have my email address and certificate details.

I think it’s best if you open an issue directly on GitHub. In the mean time, you might want to try another (PHP) client. You can find a list of clients here: List of Client Implementations

In fact, the issue was not with the library, but rather a setting of PHP/cURL/Windows environment.
cURL by default is configured to “not trust any root certificate” . Therefore “the local issuer certificate” could not be found.

To solve this, one needs to tell cURL to trust certain root certificates:

  1. get the root certificate file from the CURL website:
    The Mozilla CA certificate store in PEM format (around 250KB uncompressed) is available from https://curl.haxx.se/docs/caextract.html . This PEM file contains the datestamp of the conversion and they only make a new
    conversion if there’s a change in either the script or the source file.

  2. store this pem file somewhere on your server

  3. tell cURL where to look for this file, by changing the PHP.INI file
    Change:
    ; curl.cainfo =

Change To:
curl.cainfo = “C:\PHP\Extras\SSL\cacert.pem” (or wherever you saved your cacert.pem file)

after these changes, the named error is not showing anymore (at least in my environment).

1 Like

You need to restart your APACHE webserver of course after this PHP.INI change …

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.