We just discovered an issue with the php curl libraries across our servers, where it is unable to connect due to SSL errors.
SSL certificate problem: unable to get local issuer certificate
PHP cURL is not using an updated set of root certificates to verify server certs.
Around early September 2014, Mozilla removed the trust bits from the certs in their CA bundle that were still using RSA 1024 bit keys. This may lead to TLS libraries having a hard time to verify some sites if the library in question doesn't properly support "path discovery" as per RFC 4158. (That includes OpenSSL and GnuTLS.)
cacert.pemfile from the main curl website http://curl.haxx.se/ca/cacert.pem.
Add the following into
php.inior add into 'Additional directives' under Websites & Domains > PHP settings :
For a multiple domains the settings above can be applied at one time through associated service plan:
- Go to Home > Service Plans > ServicePlan1 , then to
Additional configuration directivesadd
- Synchronize assigned subscriptions with the service plan
For Plesk 12.5:
Since 12.5 on Windows, the URL, from which
cacert.pem is downloaded, can be specified in
%plesk_dir%\Additional\PHPSettings\cacert.pem file is updated by Daily Maintenance script, by
%plesk_dir%\admin\plib\DailyMaintainance\Task\UpdatePhpCurlCertificates.php task, in particular.
%plesk_dir%\Additional\PHPSettings\cacert.pem cannot be customized from Plesk settings.
curlCertificatesUrl setting is missing from
panel.ini. During an upgrade, or by Daily Maintenance task, Plesk exports certificates to this file by command:
"%plesk_dir%\admin\bin\certmng" --export-certificates --path "%plesk_dir%\Additional\PHPSettings\cacert.pem"
If certificate does not work, try to download certificate from
http://curl.haxx.se/ca/cacert.pem and put it in
C:\Program Files (x86)\Parallels\Plesk\Additional\PHPSettings directory.
Note: Make sure you are using the latest version of Mozilla Firefox.