CentOS cURL error 60: Peer’s Certificate issuer is not recognized – [Solved]

In this guide, we are going to solve the “cURL error 60: Peer’s Certificate issuer is not recognized” issue. We may face this at the time to downloading file using wget or curl method. We may also face at the moment to generating or updating Let’s Encrypt SSL certificate.

The error looks like:

curl: (60) Peer's Certificate issuer is not recognized.

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

The Solution

Let’s install the ca-certificates package by using this command:

yum install ca-certificates

We have to enable dynamic CA configuration feature. Let’s do this by this command:

update-ca-trust force-enable

Restart your webserver to check if the error was solved or not.

// Apache
sudo systemctl restart httpd
// Nginx
sudo systemctl restart nginx

If the error not solved yet, then follow these steps:

  • Add your cert.pem file to /etc/pki/ca-trust/source/anchors/.
  • If you don’t have cert.pem file, you can convert cert.crt to cert.pem using OpenSSL: openssl x509 -in cert.crt -inform der -outform pem -out cert.pem.
  • Last update ca-trust using this command: update-ca-trust extract.

Now restart your webserver and check.

Note: You can also upload cert.pem file to any location and can set a Symbolic link like this:

sudo ln -s /etc/ssl/your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem

You don’t want to fix this permanently, you may follow these two methods:

Method 1: Skip Certificate Check

You can simply add --no-check-certificate in your command. Here’s an example:

wget --no-check-certificate https://wordpress.org/latest.zip

Method 2: Temporary Turned off SSL

To install any package, you can temporary turned off SSL check. Open yum configuration file:

sudo vi /etc/yum.conf

Just add this line:

The article is over. Thanks for reading. ?

Most Related:

Software Engineer | Ethical Hacker & Cybersecurity...

Md Obydullah is a software engineer and full stack developer specialist at Laravel, Django, Vue.js, Node.js, Android, Linux Server, and Ethichal Hacking.