• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved cURL from PHP gives error 60

Lrnt

Basic Pleskian
Hi everyone,

I have got a weird cURL error 60.

I am on Debian 9.13 (Plesk Obsidian 18.0.38).

I don't use any CMS nor any PHP Framework (this is home made code).
I make a cURL call from my back office to perform an update in background in PHP like this:

Code:
// create curl resource
$ch = curl_init();

// set url
curl_setopt($ch, CURLOPT_URL, "https://www.domain.tld/file.php?action=DoSomething");

//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        
// $output contains the output string
$curlOutput = curl_exec($ch);

// close curl resource to free up system resources
curl_close($ch);

Until now, it worked like a charm, but I noticed today that cURL return an error 60, which means* :

CURLE_PEER_FAILED_VERIFICATION (60) The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.
*According the documentation libcurl - Error Codes

I use Let's Encrypt certificate and never had any problem with this.
To fix that, I change my code and now use:
Code:
file_get_contents("https://www.domain.tld/file.php?action=DoSomething")

Please note that all my scheduled tasks in Plesk (using Fetch an URL) are working properly.

But I am scared that this cURL error may generate other error elsewhere.

Do you think it is related to Plesk? Or to Let's Encrypt?
Do you have any idea to make my cURL call working like before?

Thanks.
 
Try this:
# sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
# update-ca-certificates
For more information please see this thread:
 
Have you disabled the expired DST CA X3 root certificate on the requesting server? Else cURL will fail the request.
@Peter Debik: I was not aware of this. I am a web developer but I also have some tasks to do to manage my server. I am not familiar with this kind of intervention which always scares me. But I really appreciate your help!

# sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
# update-ca-certificates
@Monty: Thank you too! This solved the issue:
  • I did not used "sed" command.
  • I preferred to directly edit the file "/etc/ca-certificates.conf"
  • And changing "mozilla/DST_Root_CA_X3.crt" to "!mozilla/DST_Root_CA_X3.crt"
  • Followed by "update-ca-certificates"
And this works! No more cURL error.
Thank you all!
 
I don't see any option to mark this post as "Resolved".
If someone do it for me, that would be great.
 
Back
Top