Article ID: 123623, created on Nov 20, 2014, last review on Oct 19, 2016

  • Applies to:
  • Plesk for Linux/Unix
  • Plesk for Windows


We just discovered an issue with the php curl libraries across our servers, where it is unable to connect due to SSL errors.

    SSL certificate problem: unable to get local issuer certificate


PHP cURL is not using an updated set of root certificates to verify server certs.

Around early September 2014, Mozilla removed the trust bits from the certs in their CA bundle that were still using RSA 1024 bit keys. This may lead to TLS libraries having a hard time to verify some sites if the library in question doesn't properly support "path discovery" as per RFC 4158. (That includes OpenSSL and GnuTLS.)


  1. Download the cacert.pem file from the main curl website

  2. Add the following into php.ini or add into 'Additional directives' under Websites & Domains > PHP settings :


For a multiple domains the settings above can be applied at one time through associated service plan:

  • Go to Home > Service Plans > ServicePlan1 , then to PHP Settings tab
  • In Additional configuration directives add curl.cainfo=full\path\to\cacert.pem parameter
  • Synchronize assigned subscriptions with the service plan

For Plesk 12.5:

Since 12.5 on Windows, the URL, from which cacert.pem is downloaded, can be specified in panel.ini file:


%plesk_dir%\Additional\PHPSettings\cacert.pem file is updated by Daily Maintenance script, by %plesk_dir%\admin\plib\DailyMaintainance\Task\UpdatePhpCurlCertificates.php task, in particular.

Path %plesk_dir%\Additional\PHPSettings\cacert.pem cannot be customized from Plesk settings.

By default,curlCertificatesUrl setting is missing from panel.ini. During an upgrade, or by Daily Maintenance task, Plesk exports certificates to this file by command:

"%plesk_dir%\admin\bin\certmng" --export-certificates --path "%plesk_dir%\Additional\PHPSettings\cacert.pem"

If certificate does not work, try to download certificate from and put it in C:\Program Files (x86)\Parallels\Plesk\Additional\PHPSettings directory.

Note: Make sure you are using the latest version of Mozilla Firefox.

Search Words

Curl Error: SSL

php curl


cURL SSL certificate problem: unable to get local issuer certificatу

85a92ca67f2200d36506862eaa6ed6b8 56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838

Email subscription for changes to this article
Save as PDF