I am struggling with this error for the past 2 days. I've googled hundreds of times, and nothing seems to work.
I have ubuntu 14.04 with php 7 running through command line. This is the code I am running:
try {
$ch = curl_init();
if (FALSE === $ch)
throw new Exception('failed to initialize');
curl_setopt($ch, CURLOPT_URL, 'https://infoconv.receita.fazenda.gov.br/ws/cpf/ConsultarCPF.asmx?wsdl');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CAINFO, '/etc/php/cacert.pem');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
//curl_setopt(/* ... */);
$content = curl_exec($ch);
if (FALSE === $content)
throw new Exception(curl_error($ch), curl_errno($ch));
// ...process $content now
} catch (Exception $e) {
print_r($e);
}
and this is the output (command line):
Exception Object
(
[message:protected] => SSL certificate problem: unable to get issuer certificate
[string:Exception:private] =>
[code:protected] => 60
[file:protected] => /home/andre/Projects/p/lib/EB/Inf/teste.php
[line:protected] => 40
[trace:Exception:private] => Array
(
)
[previous:Exception:private] =>
)
Note that the error is "unable to get issuer certificate", not "unable to get LOCAL issuer certificate" like most errors of this kind (I don't know both messages are saying the same thing or not).
Well, when I run:
php --info | grep .ini
from the command line, I get:
Configuration File (php.ini) Path => /etc/php/7.0/cli
Loaded Configuration File => /etc/php/7.0/cli/php.ini
Scan this dir for additional .ini files => /etc/php/7.0/cli/conf.d
Additional .ini files parsed => /etc/php/7.0/cli/conf.d/10-opcache.ini,
/etc/php/7.0/cli/conf.d/10-pdo.ini,
/etc/php/7.0/cli/conf.d/15-xml.ini,
/etc/php/7.0/cli/conf.d/20-calendar.ini,
/etc/php/7.0/cli/conf.d/20-ctype.ini,
/etc/php/7.0/cli/conf.d/20-curl.ini,
/etc/php/7.0/cli/conf.d/20-dom.ini,
/etc/php/7.0/cli/conf.d/20-exif.ini,
/etc/php/7.0/cli/conf.d/20-fileinfo.ini,
/etc/php/7.0/cli/conf.d/20-ftp.ini,
/etc/php/7.0/cli/conf.d/20-gettext.ini,
/etc/php/7.0/cli/conf.d/20-iconv.ini,
/etc/php/7.0/cli/conf.d/20-json.ini,
/etc/php/7.0/cli/conf.d/20-phar.ini,
/etc/php/7.0/cli/conf.d/20-posix.ini,
/etc/php/7.0/cli/conf.d/20-readline.ini,
/etc/php/7.0/cli/conf.d/20-shmop.ini,
/etc/php/7.0/cli/conf.d/20-simplexml.ini,
/etc/php/7.0/cli/conf.d/20-soap.ini,
/etc/php/7.0/cli/conf.d/20-sockets.ini,
/etc/php/7.0/cli/conf.d/20-sysvmsg.ini,
/etc/php/7.0/cli/conf.d/20-sysvsem.ini,
/etc/php/7.0/cli/conf.d/20-sysvshm.ini,
/etc/php/7.0/cli/conf.d/20-tokenizer.ini,
/etc/php/7.0/cli/conf.d/20-wddx.ini,
/etc/php/7.0/cli/conf.d/20-xmlreader.ini,
/etc/php/7.0/cli/conf.d/20-xmlrpc.ini,
/etc/php/7.0/cli/conf.d/20-xmlwriter.ini,
/etc/php/7.0/cli/conf.d/20-xsl.ini
user_ini.cache_ttl => 300 => 300
user_ini.filename => .user.ini => .user.ini
Classes => AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException
open sourced by => Epinions.com
so, the loaded configuration file is in /etc/php/7.0/cli/php.ini and this is a snippet of this file with the curl configurations:
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = /etc/php/cacert.pem
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
openssl.cafile=/etc/php/cacert.pem
my cacert.pem file is updated and IS located in the given path:
╰─$ cd /etc/php/ && ls -al
total 276
drwxr-xr-x 3 root root 4096 Set 26 17:25 .
drwxr-xr-x 149 root root 12288 Set 30 15:37 ..
drwxr-xr-x 4 root root 4096 Set 26 10:48 7.0
-r--r--r-- 1 root root 261644 Set 30 14:54 cacert.pem
I've got my cacert.pem from https://curl.haxx.se/ca/cacert.pem When I run:
php -r "print_r(get_loaded_extensions());"
from the command line, I get:
Array
(
[0] => Core
[1] => date
[2] => libxml
[3] => openssl
[4] => pcre
[5] => zlib
[6] => filter
[7] => hash
[8] => pcntl
[9] => Reflection
[10] => SPL
[11] => session
[12] => standard
[13] => PDO
[14] => xml
[15] => calendar
[16] => ctype
[17] => curl
[18] => dom
[19] => exif
[20] => fileinfo
[21] => ftp
[22] => gettext
[23] => iconv
[24] => json
[25] => Phar
[26] => posix
[27] => readline
[28] => shmop
[29] => SimpleXML
[30] => soap
[31] => sockets
[32] => sysvmsg
[33] => sysvsem
[34] => sysvshm
[35] => tokenizer
[36] => wddx
[37] => xmlreader
[38] => xmlrpc
[39] => xmlwriter
[40] => xsl
[41] => Zend OPcache
)
So, I have openssl and curl enabled.
The only different thing I did was to run:
sudo apt-get platform-update
and then my php (cli) got updated to version 7, but I don't know if this is the problem
Can someone help me figure out what the fucking hell full of demons is happening? This is driving me nuts!!!!!!