个人中心
gpt4 book ai didi

ssl - curl 错误 60 : SSL certificate problem: certificate has expired

转载 作者:行者123 更新时间:2023-12-03 07:27:26 24 4
gpt4 key购买 nike

我们在亚马逊 EC2 上运行 2 个应用程序(backend.example.comfrontend.example.com)。对于该应用程序,我们使用了付费 SSL 证书。该证书到期日期为 2021年6月 .但是今天,我们遇到了一个错误——

cURL error 60: SSL certificate problem: certificate has expired (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
我们检查证书到期日期,但没有问题( 2021 年 6 月 )。然后我们关注这个线程 - curl: (60) SSL certificate problem: unable to get local issuer certificate (@Dahomz 回答)
之后,当我们 curl example.com作者 - curl -v --url https://backend.example.com --cacert /etc/ssl/ssl.cert/cacert.pem ,它工作正常。回应如 - 
* Rebuilt URL to: https://backend.example.com/
*   Trying 127.0.0.1...
* Connected to backend.example.com (127.0.0.1) port 443 (#0)
* found 139 certificates in /etc/ssl/ssl.cert/cacert.pem
* found 600 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ******_RSA_***_***_GCM_*****
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: *.example.com (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.example.xyz
*    start date: Mon, 04 May 2019 00:00:00 GMT
*    expire date: Wed, 07 June 2021 23:59:59 GMT
*    issuer: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA
*    compression: NULL
* ALPN, server accepted to use http/1.1
但是当我们从 frontend.example.combackend.example.com通过 curl,它会引发此错误 - 
* Rebuilt URL to: https://backend.example.com/
*   Trying 127.0.0.1...
* Connected to backend.example.com (127.0.0.1) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/ssl.cert/cacert.pem
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / *****-RSA-*****-GCM-******
* ALPN, server accepted to use http/1.1
* Server certificate:
*    subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.example.com
*    start date: Mar  4 00:00:00 2019 GMT
*    expire date: Apr  7 23:59:59 2021 GMT
*    issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*    SSL certificate verify result: certificate has expired (10), continuing anyway.
我的 curl 代码 - 
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://backend.example.com");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, fopen(public_path("c.log"), 'w'));
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
$output = curl_exec($ch);
$error = curl_error($ch);
$info = curl_getinfo($ch);
curl_close($ch);

最佳答案

要解决此问题,请从您的域证书中删除过期的根证书。

  • 转至 https://whatsmychaincert.com
  • 测试您的服务器
  • 如果他们确认您的根证书已过期,请下载并使用没有此证书的 .crt。

    • 关于ssl - curl 错误 60 : SSL certificate problem: certificate has expired,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62107431/

    24 4 0
    文章推荐: dbeaver - 如何在DBeaver中切换大写字符转换?
    文章推荐: javascript - Feross的simple-peer的代码示例是什么?
    文章推荐: javascript - 显示 ng-repeat 中的嵌套对象键和值
    文章推荐: mercurial - 我可以将分支标记为 'not going to push'吗?
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com