SSL problem with Cloudflare and curl on nginx configuration Ubuntu 18.04

Greetings community,

We are currently building a webserver for one of our customers. They are using Cloudflare SSL certification for the website. I am not really knowledgeable in Cloudflare but we followed the following link: https://www.digitalocean.com/community/tutorials/how-to-host-a-website-using-Cloudflare-and-nginx-on-ubuntu-16-04

Everything seems to be great but we need curl for some work in the website.

Every time we run the following curl command: curl -svo /dev/null https://exemple.ca/ 2>&1 | egrep -v "^{.$|^}.$|^* http.*$"

I have the following error: SSL certificate problem: unable to get local issuer certificate.

I already tried to put the Cloudflare certificate and open certificate in the php.ini file

curl.cainfo =/etc/ssl/certs/Certempcom.pem

Does anybody have any idea of what is causing this?

Thanks a lot

Are you sure you are connecting to the right host? Try openssl s_client -connect exemple.ca:443 and check where it connects to and what certificate you get.

It first connects to Cloudflare

After that I have the right certificate printing on screen

The error I have is: Verification error: unable to verify the first certificate

Does this help you?

It might be that you don't have the full certificate chain. In which case you'd need to import it into your certificate store, for it to be trusted. What's the domain?

The domain is https://portail.emploiscompetences.com

Unless you have an entry in the hosts file (have you checked for that?) that should be fine as that host is properly configured for Cloudflare. Just to rule out any local edge server issues, can you check your certificate chain involves two Comodo certificates plus the one issued for the host?

If that is the case your system trust store is most likely missing the Comodo certificates and hence can't validate your server certificate. You'd either need to add them to the system trust store or configure a custom one for that call.

Thank you so much for this. I was into this issue and tried to tinker around to check if it's possible but couldn't get it done. Now that I have seen the way you did it, thanks guys.
With regards

We finally found the problem:

Like Sandro said, the chain was not full.

When doing an SSL check or using a web browser, they complete the certificate with the standard intermediate and trusted root certificates.

But when using curl or inside a server command, you need to make a full .pem file with:

----- certificate-----
----- certificate-----
----- Intermediate certificate-----
----- Intermediate certificate-----
----- Trusted root certificate-----
----- Trusted root certificate-----

Thanks for your help
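
The failure and the fix from this thread can be reproduced offline; the script below is an added example, not something posted by the participants. It assumes the openssl command-line tool is installed, and every name in it (Demo Root CA, portal.example.test, the file names) is constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: a throwaway root -> intermediate -> leaf chain.
# All names (Demo Root CA, portal.example.test, file names) are made up.

new_csr() {   # $1=dir  $2=basename  $3=common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_chain() {   # $1=dir; writes root.pem, int.pem and leaf.pem
  local d=$1
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  new_csr "$d" root "Demo Root CA"
  new_csr "$d" int  "Demo Intermediate CA"
  new_csr "$d" leaf "portal.example.test"
  # Self-signed root, then intermediate signed by root, then leaf signed by intermediate.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -set_serial 1 -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -days 2 -set_serial 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -days 2 -set_serial 3 -out "$d/leaf.pem" 2>/dev/null
}

build_bundle() {   # $1=dir; order from the post: certificate, intermediate, root
  cat "$1/leaf.pem" "$1/int.pem" "$1/root.pem" > "$1/fullchain.pem"
}

verify_leaf() {   # $1=CA file to trust  $2=certificate to check
  openssl verify -CAfile "$1" "$2" 2>&1
}

demo() {
  local d; d=$(mktemp -d)
  make_chain "$d" && build_bundle "$d"
  echo "== trust store has only the root (intermediate missing) =="
  verify_leaf "$d/root.pem" "$d/leaf.pem" || echo "-> verification failed"
  echo "== trust store is the full .pem =="
  verify_leaf "$d/fullchain.pem" "$d/leaf.pem" && echo "-> verification ok"
  rm -rf "$d"
}
demo
```

The first check fails with the same "unable to get local issuer certificate" message curl reported; the second passes because the intermediate is now in the file the verifier trusts, which is the role the file named in curl.cainfo plays for PHP's curl.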
