curl: (60) SSL certificate problem: unable to get local issuer certificate

Question

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc         


        

Answer 1

My case was different. I'm hosting a site behind a firewall. The error was caused by pfSense.

Network layout: |Web Server 10.x.x.x| <-> |pfSense 49.x.x.x| <-> |Open Internet|

I accidentally found the cause, thanks to this answer.

---

All is well when I accessed my site from WAN.

However, when the site was accessed from inside LAN (e.g. when Wordpress made a curl request to its own server, despite using the WAN IP 49.x.x.x), it was served the pfSense login page.

I identified the certificate as pfSense webConfigurator Self-Signed Certificate. No wonder curl threw an error.

Cause: What happened was that curl was using the site's WAN IP address 49.x.x.x. But, in the context of the web server, the WAN IP was the firewall.

Debug: I found that I was getting the pfSense certificate.

Solution: On the server hosting the site, point its own domain name to 127.0.0.1

By applying the solution, curl's request was properly handled by the web server, and not forwarded to the firewall which responded by sending the login page.