How to fix “SSL certificate problem: unable to get local issuer certificate”

How to fix “SSL certificate problem: unable to get local issuer certificate”

The Scenario

You are writing a cURL request to a secure destination (HTTPS) and you see this dreaded error message pop up in the curl_error(): SSL certificate problem: unable to get local issuer certificate

No matter what changes you make to your cURL request or how many times you verify that you have the correct URL or how many of your remaining hairs you pull out, nothing changes – this same annoying error message….

The Solution

While this is technically a clear and detailed error message, if you don’t know what it means or what it’s telling you it’s not very friendly…  So let me explain.

You are making a request to a secure source over HTTPS.  That destination expects you to share some credentials to it stating that you are who you say you are (or something like that at least).  Put more technically – you need to send with your request an SSL certificate.  Thankfully this is something we set in the configuration of your server and thus don’t need to specify this on each and every request.  There’s just a few steps to accomplish this.

Acquire the ca-bundle.crt SSL bundle

Copy the contents of this URL and save it to your server.  You can save it to any destination really, but somewhere near the top level of the server is fine.

https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt

In the case I ran into this issue on today, I was using a locally hosted XAMP installation, so I choose this path:

Update the php.ini File to Know the Path to your ca-bundle.crt File

You’ll now need to edit your php.ini file to identify where this file is located.  If you are using XAMP, you can get to the php.ini file from the Config button in the XAMP control panel.  Other servers have this file in different locations at times, but often times it’s located in the /etc directory somewhere.

Add or update these lines in your file:

Obviously you’ll need to update the path to match where you’ve saved your file.

Once you’ve saved the php.ini file you have one step to go.

Restart PHP

Each server might be slightly different on how to trigger the PHP restart (shared hosts may be trickier) but you’ll need to restart PHP for this change to be recognized.  In XAMP simply turn off Apache and then turn it back on via the XAMP control panel.  On many Linux servers you can try this command.

And that’s it!  With PHP restarted you can now re-try your cURL request and be happy to see an actual request sent and hopefully with no other issues you’ll see a valid response!!!