Are you facing a curl error 77 problem with the SSL CA cert while curling an SSL website?
One of the main reasons for this error is broken or missing SSL chain certificate files on the server.
At Bobcares, we help our customers to fix similar SSL errors as part of our Server Management Services.
Today, let’s discuss the details on how to fix this error.
What is curl error 77 problem with the SSL CA cert?
Curl error 77 error is a server-side error. This error indicated that the chain certificate files are missing or “broken”. Usually, this error happens simply by outdated SSL certificate(s) for cURL installed on the server. Also, the wrong or incomplete configuration settings on the server can trigger the error on the website.
The error looks like,
Frequently, some website’s PHP scripts may fail with curl error 77 in Plesk servers. Then the website shows the following error:
cURL error (77): Problem with the SSL CA cert (path? access rights?)cURL error (77): Problem with the SSL CA cert (path? access rights?)
This error occurs when PHP cURL uses an outdated set of root certificates to verify server certificates.
How to fix curl error 77 problem with the SSL CA cert
Now, let’s see how our Support Engineers fix the curl error 77 for our customers.
Curling an SSL website can result in an error
curl: (77) Problem with the SSL CA cert (path? access rights?)on certain servers.
This error is the result of SSL chain certificate files in the PKI directory being corrupted or missed.
Therefore, we make sure the files /etc/pki/tls/certs/ca-bundle.crt and /etc/pki/tls/certs/ca-bundle.trust.crt exist on the server. If they do not exist, we set up them for our customers.
Sometimes, the error gets resolve by removing and reinstalling the ca certificate.
In a CentOS server, we use the below commands to remove ca-bundle and to install a ca-certificate.
rm -f /etc/ssl/certs/ca-bundle.crt yum reinstall -y ca-certificates
In Plesk servers, adding the following code to %plesk_dir%admin\conf\panel.ini solve the error. By default,
%plesk_dir% is C:\Program Files (x86)\Plesk\
Insufficient user permission
Sometimes the curl requests to https:// addresses stop working for cPanel users. However, the root user can still run the
curl -I -v https://google.comcommand without any issue.
The problem is due to insufficient permission of the user. The user who is trying to access
curl -I -v https://google.com doesn’t have enough permission to access /etc/pki directory. This due to the user only has jailed ssh access.
So, our Support Engineers fix the error by granting full access to the user.
Other common SSL certificate problem
Similarly, the error
SSL certificate problem: Unable to get local issuer certificate can occur when a self-signed certificate cannot be verified or it shows that the root certificates on the system are not working correctly.
Also, It is important to note that this applies to the system sending the CURL request, and NOT the server receiving the request.
To fix the error,
1. Initially, download cacert.pem. from
2. Add the following line to php.ini:
Furthermore, if the server is shared hosting, add the above value to .user.ini file in the public_html folder.
3. Restart PHP
Now, CURL is able to read HTTPS URL without any error.
[Need assistance to fix curl error 77?- We’re available 24/7.]
In short, the curl error 77 problem with the SSL CA cert occurs when SSL chain certificate files are missing or broken. Today, we saw how our Support Engineers fixed this error.