How to Fix SSL Certificate Expired Error in PHP Baota Panel

php ssl certificate expiredbaota panel cURL error 60fix curl.cainfoinstall cacert.pemresolve 500 error php

Published·May 15, 2022Modified·May 15, 2022

Recently, while troubleshooting an issue for a client, I encountered a 500 error. Upon enabling PHP Debug mode, the detailed error message appeared:

AWS HTTP error: cURL error 60: SSL certificate problem: certificate has expired

Initially, I suspected the target address's SSL certificate had expired. However, after repeated verification, the target SSL certificate was confirmed to be valid, and other devices could successfully request the URL. The Baota PHP environment, however, could not access the target URL, and switching PHP versions did not resolve the issue.

Solution

Access the server terminal and execute the following command to download the root certificate:

# Download root certificate
wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem

In the Baota backend, navigate to the corresponding PHP version, then go to Settings > Configuration File.

Search for the following two keywords: curl.cainfo and openssl.cafile. Modify the paths for these two parameters to point to the location of the cacert.pem certificate downloaded earlier. For example:

curl.cainfo = /xxx/cacert.pem
openssl.cafile=/xxx/cacert.pem

Afterward, restart PHP and test again. The issue should be resolved.