CentOS cURL error 60: Peer’s Certificate issuer is not recognized – [Solved]
In this guide, we are going to solve the “cURL error 60: Peer’s Certificate issuer is not recognized” issue. We may face this at the time to downloading file using
curl method. We may also face at the moment to generating or updating Let’s Encrypt SSL certificate.
The error looks like:
curl: (60) Peer's Certificate issuer is not recognized. curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
Let’s install the ca-certificates package by using this command:
yum install ca-certificates
We have to enable dynamic CA configuration feature. Let’s do this by this command:
Restart your webserver to check if the error was solved or not.
// Apache sudo systemctl restart httpd // Nginx sudo systemctl restart nginx
If the error not solved yet, then follow these steps:
- Add your cert.pem file to
- If you don’t have cert.pem file, you can convert cert.crt to cert.pem using OpenSSL:
openssl x509 -in cert.crt -inform der -outform pem -out cert.pem.
- Last update ca-trust using this command:
Now restart your webserver and check.
Note: You can also upload
cert.pem file to any location and can set a Symbolic link like this:
sudo ln -s /etc/ssl/your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem
You don’t want to fix this permanently, you may follow these two methods:
Method 1: Skip Certificate Check
You can simply add
--no-check-certificate in your command. Here’s an example:
wget --no-check-certificate https://wordpress.org/latest.zip
Method 2: Temporary Turned off SSL
To install any package, you can temporary turned off SSL check. Open yum configuration file:
sudo vi /etc/yum.conf
Just add this line:
The article is over. Thanks for reading. ?