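We are running 2 applications on Amazon EC2 EC2&frontend.example.com. For these applications, we use a paid SSL certificate. The certificate is valid until June 21, 2021. But today, we got an error -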
cURL error 60: SSL certificate problem: certificate has expired (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
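We checked the certificate's expiration date, but there was no problem (June 2021). Then we followed this thread - curl: (60) SSL certificate problem: unable to get local issuer certificate (@Dahomz's answer)
After that, when we curl example.com by -
curl -v --url https://backend.example.com --cacert /etc/ssl/ssl.cert/cacert.pem
it works fine. The response is like -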
* Rebuilt URL to: https://backend.example.com/
* Trying 127.0.0.1...
* Connected to backend.example.com (127.0.0.1) port 443 (#0)
* found 139 certificates in /etc/ssl/ssl.cert/cacert.pem
* found 600 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ******_RSA_***_***_GCM_*****
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.example.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.example.xyz
* start date: Mon, 04 May 2019 00:00:00 GMT
* expire date: Wed, 07 June 2021 23:59:59 GMT
* issuer: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA
* compression: NULL
* ALPN, server accepted to use http/1.1
But when we curl from frontend.example.com to backend.example.com, it throws this error -
* Rebuilt URL to: https://backend.example.com/
* Trying 127.0.0.1...
* Connected to backend.example.com (127.0.0.1) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/ssl.cert/cacert.pem
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / *****-RSA-*****-GCM-******
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.example.com
* start date: Mar 4 00:00:00 2019 GMT
* expire date: Apr 7 23:59:59 2021 GMT
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
* SSL certificate verify result: certificate has expired (10), continuing anyway.
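My curl code -
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://backend.example.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Write libcurl's verbose TLS trace to c.log (public_path() is a Laravel helper)
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, fopen(public_path("c.log"), 'w'));
// Peer and host verification are switched off here, which is why the trace
// above reports the expired certificate and then says "continuing anyway"
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
$output = curl_exec($ch);
$error = curl_error($ch);
$info = curl_getinfo($ch);
curl_close($ch);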
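Posted on 2020-06-01 10:06:53
We had the same error. To solve your problem, update your "SSLCertificateChainFile" with the latest version from your trusted SSL site. In our case it was Comodo.
You need to go to your trusted site and find the "CRT" under your certificate. Copy the contents.
If you can't restart Apache, then the simple way is to restart your instance.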
https://stackoverflow.com/questions/62107431
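A way to check the file named by SSLCertificateChainFile before and after replacing it, as an added example that is not part of the original thread: it tests every certificate in a PEM bundle for expiry, since the server's own certificate can be in date while another certificate in the chain is not. The function names, the script name and the generated sample bundle are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag expired certificates inside a PEM chain bundle.

# split_bundle BUNDLE OUTDIR: write each certificate to OUTDIR/cert-N.pem
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# check_bundle BUNDLE [SECONDS]: print the number of certificates that are
# expired or expire within SECONDS (default 0); details go to stderr.
check_bundle() {
    within=${2:-0}
    work=$(mktemp -d) || return 2
    split_bundle "$1" "$work"
    flagged=0
    for pem in "$work"/cert-*.pem; do
        [ -e "$pem" ] || continue
        # -checkend exits non-zero when notAfter falls inside the window
        # (an entry openssl cannot parse is flagged as well)
        if ! openssl x509 -in "$pem" -noout -checkend "$within" >/dev/null 2>&1; then
            flagged=$((flagged + 1))
            openssl x509 -in "$pem" -noout -subject -enddate >&2
        fi
    done
    rm -rf "$work"
    echo "$flagged"
}

# make_sample_bundle DIR: constructed test input, two self-signed certificates
# (valid 3650 days and 1 day) concatenated into DIR/chain.pem
make_sample_bundle() {
    for days in 3650 1; do
        openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=constructed-$days-day-cert" \
            -keyout "$1/key-$days.pem" -out "$1/cert-$days.pem" 2>/dev/null
    done
    cat "$1/cert-3650.pem" "$1/cert-1.pem" > "$1/chain.pem"
}

# Stand-alone use: sh check_chain.sh /path/to/chain.pem [seconds]
if [ "$#" -ge 1 ]; then
    check_bundle "$@"
fi
```

A result of 0 means every certificate in the bundle is still in date; the subject and notAfter of each flagged certificate are written to stderr.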