
Teresa N. Fontanella De Santis

Curl issue: SSL certificate problem: certificate has expired

In this article we'll cover a common certificate issue encountered with curl. curl is a command-line client for URLs that returns the response to a given request, for any HTTP(S) method. After this introduction, let's dig into the issue...

Issue

When we run a curl command against a specific site, such as curl https://airlabs.co/api/v9/ping.json, it fails with the following error:

“curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.”

The same URL works fine in any browser, and we have the openssl library installed on our server.

Root cause explanation

The CA certificate bundle that curl relies on, stored on the server, has expired. So we need to obtain the updated bundle and replace it in the system certificates folder.

Resolution steps

  1. First make sure you have wget installed on your server.
    You can install it on Mac using brew install wget.
    For Ubuntu, you can use apt install wget.
    For CentOS/RHEL, you can use yum install wget.

  2. Download the updated CA certificate bundle for curl from curl.se by running: wget https://curl.se/ca/cacert.pem
    The bundle will be downloaded as the cacert.pem file. Then you can run the curl command with the flag --cacert <path_to_cacert.pem_file>.
    For example: curl --cacert ./cacert.pem https://airlabs.co/api/v9/ping.json
    If the certificate file is valid, the error should disappear. As we don't want to add the --cacert flag to every curl command, we'll go on to the next step.

  3. Place the updated certificate file in the system certificates folder. To get the folder path, run openssl version -a in your terminal. The output (it may vary according to the OS configuration) includes an OPENSSLDIR entry.
    The OPENSSLDIR folder is where the certificates are stored by default, so copy that path to the clipboard.

    Then, copy (or move) the certificate into that folder. In our example, it can be:
    cp cacert.pem <OPENSSL_DIR>

After that, if we execute our curl command again, it will work as expected!
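
To confirm the root cause before replacing anything, the following added example (not part of the original article) lists the certificates in a PEM bundle that have already expired or will expire within a given number of seconds, using openssl x509 -checkend. The function name list_expiring, the script name and the bundle paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: report certificates in a PEM bundle that are already expired
# or will expire within WINDOW seconds (default 0 = already expired).
# Usage: list_expiring BUNDLE [WINDOW]
list_expiring() (
    bundle=$1
    window=${2:-0}
    nl='
'
    pem=
    in_cert=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "-----BEGIN CERTIFICATE-----"*)
                in_cert=1
                pem=$line$nl
                ;;
            "-----END CERTIFICATE-----"*)
                pem=$pem$line$nl
                in_cert=0
                # -checkend exits non-zero when notAfter falls inside the window.
                if ! printf '%s' "$pem" |
                        openssl x509 -noout -checkend "$window" >/dev/null 2>&1; then
                    # Print subject and expiry date on a single line.
                    printf '%s' "$pem" |
                        openssl x509 -noout -subject -enddate 2>/dev/null |
                        tr '\n' ' '
                    echo
                fi
                ;;
            *)
                # Keep only the base64 body lines of the current certificate.
                if [ "$in_cert" -eq 1 ]; then pem=$pem$line$nl; fi
                ;;
        esac
    done < "$bundle"
)

# When run as a script with arguments, check the given bundle, e.g.:
#   sh check_bundle.sh <OPENSSL_DIR>/cert.pem            (already expired)
#   sh check_bundle.sh ./cacert.pem 2592000              (expiring within 30 days)
if [ "$#" -ge 1 ]; then list_expiring "$@"; fi
```

Running it against the old bundle and then against the downloaded cacert.pem shows whether the replacement actually removes the expired entries.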
