Resolving SSL Certificate Issue with Composer on Linux
Problem
When attempting to use Composer on Linux, users may encounter SSL certificate verification errors.
php composer.phar require pclzip/pclzip --ignore-platform-reqs
[Composer\Downloader\TransportException]
curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: unable to get local issuer certificate
Cause
This typically manifests as curl error 60
, indicating that the SSL certificate couldn't be verified locally. Resolving them involves configuring the system to recognize and trust the necessary Certificate Authority (CA) certificates.
Solution
To resolve this issue, follow these steps:
- Download the CA Certificate Bundle: Begin by downloading an updated CA certificate bundle from a trusted source. This ensures that your system has the necessary certificates to verify SSL connections.bash
sudo wget -O /usr/local/share/ca-certificates/cacert.pem https://curl.se/ca/cacert.pem
- Update System CA Certificates: Once downloaded, update the system's CA certificates to include the newly downloaded bundle. This command updates the certificates directory used by OpenSSL and other SSL-related libraries.
sudo update-ca-certificates
- Configure cURL and PHP to Use the CA Bundle: Configure cURL and PHP to use the newly downloaded CA certificate bundle. Update the
curl.cainfo
directive in your PHP configuration file (php.ini
) and verify the presence ofcacert
configuration in the cURL configuration file (/etc/curl/curlrc
). - Test the Configuration: Verify that cURL can now make HTTPS requests without certificate errors:
curl https://www.google.com
- Update Composer Keys: Ensure Composer is using up-to-date keys by running:
php composer.phar self-update --update-keys
- Follow the on-screen instructions to paste the latest public key from Composer's public keys page.
Conclusion:
By following these steps, you can effectively resolve SSL certificate issues encountered while using Composer on Gentoo. Ensuring your system's CA certificates are up-to-date and configuring cURL and PHP correctly are crucial for maintaining secure and reliable connections when working with Composer.