cURL 错误 60:SSL 证书问题:证书已过期 [英] cURL error 60: SSL certificate problem: certificate has expired
问题描述
我们在 amazon ec2 (backend.abc.com & frontend.abc.com) 上运行 2 个应用程序.对于该应用程序,我们使用了付费 SSL 证书.该证书的到期日期为 2021 年 6 月.但是今天,我们遇到了一个错误 -
We running 2 application on amazon ec2 (backend.abc.com & frontend.abc.com). For that application, we used a paid SSL Certificate. That certificate expiration date at 2021 June. But today, we got an error -
cURL error 60: SSL certificate problem: certificate has expired (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
我们检查了证书到期日期,但没有问题(2021 年 6 月).然后我们按照这个线程 - curl: (60) SSL 证书问题:无法获取本地颁发者证书(@Dahomz 回答)
We check certificate expiration date, but there was no problem (2021 June). Then we follow this thread - curl: (60) SSL certificate problem: unable to get local issuer certificate (@Dahomz answer)
之后,当我们通过 - curl -v --url https://backend.abc.com --cacert/etc/ssl/ssl.cert/cacert.pem,它工作正常.回复喜欢 -
After that, when we curl abc.com by - curl -v --url https://backend.abc.com --cacert /etc/ssl/ssl.cert/cacert.pem, It working fine. Response like -
* Rebuilt URL to: https://backend.abc.com/
* Trying 127.0.0.1...
* Connected to backend.abc.com (127.0.0.1) port 443 (#0)
* found 139 certificates in /etc/ssl/ssl.cert/cacert.pem
* found 600 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ******_RSA_***_***_GCM_*****
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.abc.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.abc.xyz
* start date: Mon, 04 May 2019 00:00:00 GMT
* expire date: Wed, 07 June 2021 23:59:59 GMT
* issuer: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA
* compression: NULL
* ALPN, server accepted to use http/1.1
但是当我们通过 curl 从 frontend.abc.com 命中 backend.abc.com 时,它抛出了这个错误 -
But when we hit from frontend.abc.com to backend.abc.com by curl, it throws this error -
* Rebuilt URL to: https://backend.abc.com/
* Trying 127.0.0.1...
* Connected to backend.abc.com (127.0.0.1) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/ssl.cert/cacert.pem
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / *****-RSA-*****-GCM-******
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.abc.com
* start date: Mar 4 00:00:00 2019 GMT
* expire date: Apr 7 23:59:59 2021 GMT
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
* SSL certificate verify result: certificate has expired (10), continuing anyway.
我的卷曲代码 -
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://backend.abc.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, fopen(public_path("c.log"), 'w'));
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
$output = curl_exec($ch);
$error = curl_error($ch);
$info = curl_getinfo($ch);
curl_close($ch);
推荐答案
要解决此问题,请从域证书中删除过期的根证书.
To fix the problem, remove the expired root certificate from your domain certificate.
- 转到https://whatsmychaincert.com
- 测试您的服务器
- 如果他们确认您的根证书已过期,请下载并使用没有此证书的 .crt.
(可选)当您这样做时,您可以使用此临时 curl 修复程序,以免您的网站出现错误:添加此选项:
(optional) By the time you're doing that you can use this temporary curl fix in order to don't have an error on your website : Add this option :
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
这篇关于cURL 错误 60:SSL 证书问题:证书已过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
