cURL error 60: SSL certificate problem: certificate has expired

清歌不尽 2020-12-06 09:17

We are running 2 applications on Amazon EC2 (backend.abc.com & frontend.abc.com). For that application, we used a paid SSL certificate. That

8 answers
  • 2020-12-06 09:27

    We had the same issue; after some troubleshooting we found that the root certificates of COMODO were expired.

    Valid until Sat, 30 May 2020 10:48:38 UTC (expired 3 days, 5 hours ago) EXPIRED

    We tested this via: https://www.ssllabs.com/ssltest/index.html. And we resolved it by downloading the certificates freshly from our reseller.

    This is the result we received about the COMODO certificates

  • 2020-12-06 09:34

    For Ubuntu 14.04

    Open your terminal

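    sudo su
    # --no-check-certificate disables TLS verification for this download, so compare the
    # file's fingerprint with the value Sectigo publishes before adding it to the trust store
    wget 'https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000rfBO' -O SHA-2_Root_USERTrust_RSA_Certification_Authority.crt --no-check-certificate
    cp SHA-2_Root_USERTrust_RSA_Certification_Authority.crt /usr/share/ca-certificates/mozilla/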
    

    Then run dpkg-reconfigure ca-certificates and uncheck mozilla/AddTrust_External_Root.crt and check mozilla/2_Root_USERTrust_RSA_Certification_Authority.crt,
    or run sudo update-ca-certificates to uncheck those.

  • 2020-12-06 09:35

    We have the same error. To solve your issue, update your "SSLCertificateChainFile" with the newest version of your trusted SSL site. In our case it is Comodo.

    You need to go to your trusted site and find under your certificates the "CA-CRT". Copy the content.

    1. Go to your /etc/apache2/sites-available
    2. Find the line with "SSLCertificateChainFile".
    3. Next edit the file and replace the content with your new CA-CRT values.
    4. Then restart your web server, in our case it is Apache: service apache2 restart or systemctl restart apache2

    If you can't restart Apache, the easy way is to reboot your instance.

  • 2020-12-06 09:36

    I had to fix this issue on a Debian-based server.

    This was due to the system's use of openssl (curl depends on openssl).

    Here is how it went:

    1. remove AddTrust_External_Root.crt from your system (usually found in /etc/ssl/certs)
      1. remove or comment the "mozilla/AddTrust_External_Root" line from /etc/ca-certificates.conf
      2. run sudo update-ca-certificates to update the certificates used by openssl

    Maybe it can help you?

  • 2020-12-06 09:37

    It seems like your truststore is not updated with the latest trusted root. Understanding that it happened to you beginning yesterday 30th May. I am assuming that you have Sectigo as your CA.

    Update your truststore and you should be able to connect.

    https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

  • 2020-12-06 09:39

    To fix the problem, remove the expired root certificate from your domain certificate.

    1. Go to https://whatsmychaincert.com
    2. Test Your Server
    3. If they confirm you have an expired root certificate, download and use the .crt without this certificate.

    (Optional) While you're doing that, you can use this temporary curl fix so that you don't have an error on your website. Add this option:

    // Turns off peer certificate verification for this handle; remove it once the chain is fixed
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
    
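The answers above that replace the SSLCertificateChainFile contents, or serve the .crt without the expired certificate, both depend on knowing which certificate in a bundle has expired. The shell functions below are an added example, not part of any answer in this thread: `expiring_certs` splits a PEM bundle and runs `openssl x509 -checkend` on each certificate. The function names and the constructed sample certificates are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function names are hypothetical.

# expiring_certs BUNDLE [WINDOW_SECONDS]
# Prints "notAfter=... subject=..." for each certificate in BUNDLE whose
# notAfter falls within WINDOW_SECONDS from now. Default 0 = already expired.
expiring_certs() {
    local bundle="$1" window="${2:-0}" tmpdir f
    tmpdir=$(mktemp -d) || return 2
    # Split the bundle into one file per BEGIN/END CERTIFICATE block.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n) }
        out { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    for f in "$tmpdir"/cert-*.pem; do
        [ -e "$f" ] || continue
        # -checkend exits non-zero when the certificate expires within the window.
        if ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1; then
            printf '%s %s\n' \
                "$(openssl x509 -in "$f" -noout -enddate)" \
                "$(openssl x509 -in "$f" -noout -subject)"
        fi
    done
    rm -rf "$tmpdir"
}

# make_sample_bundle OUTFILE
# Constructed sample input: appends a 1-day and a 3650-day self-signed
# certificate to OUTFILE so the check can be tried without a real chain file.
make_sample_bundle() {
    local out="$1" dir days
    dir=$(mktemp -d) || return 2
    for days in 1 3650; do
        openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=constructed-${days}-day.example" \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 2
        cat "$dir/cert.pem" >> "$out"
    done
    rm -rf "$dir"
}
```

Calling `expiring_certs` on a chain file with no window lists only certificates that have already expired; a window such as 2592000 (30 days) also lists those about to expire.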