openssl: curl: (60) SSL certificate problem: unable to get local issuer certificate

In my case, upgrading openssl (to 1.0.2n) solved the problem.

@adnanali011, please don’t re-use issues for other topics. This does not seem to be an openssl issue – we don’t have a php.ini, nor does curl. I suggest you post on the appropriate forum.

I actually walked down the path of trying to update my curl curl-ca-bundle.crt to work with a GoDaddy cert on my sandbox server. There were a few articles on the internet that explored the --cacert option to curl, but this turned out to be the wrong path for the actual issue.

It turns out my sandbox server needed to also include the intermediate cert from GoDaddy along with the one for my domain. When you fix it on the server it, works without any mods to curl, etc:

See article here:

• https://www.godaddy.com/help/what-is-an-intermediate-certificate-868

Also explained here how to serve the fullchain, not the cert by itself:

• https://www.npmjs.com/package/ssl-root-cas

What you do is add the intermediate cert to your test server. Then curl works without any mods.

The reason this may seem to be a curl related issue is that my browser (Chrome) did not detect any issues when my server was missing the intermediate cert. It said the site was secure (apparently it can find the intermediate cert on its own). But technically my server should have provided the full chain.

To cut this short, you have misunderstood what a CA cert is and does. There is no way in the world that the CA cert from haxx.se would verify the server cert for www.erlang.org, that’s not how this works.

However, a quick run of openssl s_client -connect www.erlang.org:443 shows this line:

issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2

Have a look in http://certs.godaddy.com/repository/