Need help?

Our experts have had an average response time of 13.52 minutes in October 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Curl error 77 problem with the SSL CA cert – Root causes and fix

by | Jul 1, 2020

Are you facing a curl error 77 problem with the SSL CA cert while curling an SSL website?

One of the main reasons for this error is broken or missing SSL chain certificate files on the server.

At Bobcares, we help our customers to fix similar SSL errors as part of our Server Management Services.

Today, let’s discuss the details on how to fix this error.

What is curl error 77 problem with the SSL CA cert?

Curl error 77 error is a server-side error.  This error indicated that the chain certificate files are missing or “broken”. Usually, this error happens simply by outdated SSL certificate(s) for cURL installed on the server.  Also, the wrong or incomplete configuration settings on the server can trigger the error on the website.

The error looks like,

Frequently, some website’s PHP scripts may fail with curl error 77 in Plesk servers.  Then the website shows the following error:

cURL error (77): Problem with the SSL CA cert (path? access rights?)cURL error (77): Problem with the SSL CA cert (path? access rights?)

This error occurs when PHP cURL uses an outdated set of root certificates to verify server certificates.

 

How to fix curl error 77 problem with the SSL CA cert

Now, let’s see how our Support Engineers fix the curl error 77  for our customers.

Curling an SSL website can result in an error curl: (77) Problem with the SSL CA cert (path? access rights?)on certain servers.

This error is the result of  SSL chain certificate files in the PKI directory being corrupted or missed.

Therefore, we make sure the files /etc/pki/tls/certs/ca-bundle.crt and /etc/pki/tls/certs/ca-bundle.trust.crt exist on the server. If they do not exist, we set up them for our customers.

Sometimes, the error gets resolve by removing and reinstalling the ca certificate.

In a CentOS server, we use the below commands to remove ca-bundle and to install a ca-certificate.

rm -f /etc/ssl/certs/ca-bundle.crt

yum reinstall -y ca-certificates

 

In Plesk servers, adding the following code to %plesk_dir%admin\conf\panel.ini solve the error. By default,

%plesk_dir% is C:\Program Files (x86)\Plesk\

[php]
curlCertificatesUrl="http://curl.haxx.se/ca/cacert.pem

 

Insufficient user permission

Sometimes the curl requests to https:// addresses stop working for cPanel users. However, the root user can still run the curl -I -v https://google.comcommand without any issue. 

The problem is due to insufficient permission of the user.  The user who is trying to accesscurl -I -v https://google.com doesn’t have enough permission to access /etc/pki directory. This due to the user only has jailed ssh access.

So, our Support Engineers fix the error by granting full access to the user.

 

Other common SSL certificate problem

Similarly, the error SSL certificate problem: Unable to get local issuer certificate can occur when a self-signed certificate cannot be verified or it shows that the root certificates on the system are not working correctly.

Also, It is important to note that this applies to the system sending the CURL request, and NOT the server receiving the request.

To fix the error,

1. Initially, download cacert.pem. from https://curl.haxx.se/ca/cacert.pem

2. Add the following line to php.ini:

curl.cainfo="/path/to/downloaded/cacert.pem"

Furthermore, if the server is shared hosting, add the above value to .user.ini file in the public_html folder.

3. Restart PHP

Now, CURL is able to read HTTPS URL without any error.

 

[Need assistance to fix curl error 77?- We’re available 24/7.]

 

Conclusion

In short, the curl error 77 problem with the SSL CA cert occurs when SSL chain certificate files are missing or broken. Today, we saw how our Support Engineers fixed this error.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Reviews

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF