Closed hiasl closed 3 years ago
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
This is a common cURL error, the fix for which you should be able to find by doing a bit of searching.
The cache warmer does not explicitly fail because it carries on the warming process and correctly logs the error. I don't think allowing insecure SSL certs is a good idea, instead I would suggest you fix the issue on your local development environment.
Sorry, hope it's ok if I do not agree: If the console command shows that 18 pages were warmed, then 18 files should be in the cache directory, don't you think so? And if they are not there, then I think the console command should report a problem.
Regarding the cCURL error: I already did some research on this before I wrote the ticket and I could only find out that there are cURL options to ignore SSL certificate problems. But this would require that I could configure them somewhere, which I can't. Did you think about a different approach?
Of course it's ok to disagree, this is about finding the best solution to the issue!
So the console command shows 18 URLs that were visited rather than warmed, but I guess it could report that there were X URLs that returned errors. In your case it makes sense but consider a site in which there are thousands of pages. I'll look into making the console message more user-friendly, if you have any suggestions then I'd be happy to hear them.
Regarding the cURL error, I was referring to the second point in this answer: https://stackoverflow.com/a/24618403/1769259
- Add the root CA (the CA signing the server certificate) to
etc/ssl/certs/ca-certificates.crt
Regarding cURL: you are right, I took the wrong approach, I wanted it to ignore the error, but of course it better to make it work.
Regarding console output: Have a look:
It does not say "18 URLs visited", you just get the figures and everything looks like a success. Maybe, as you wrote, it would be sufficient to output the amount of error URLs, if any occurred and the hint to turn on debugging to find out the reason.
In my case I did not know that was a debug option and I had no clue, why the warmer seemed to succeed but there were not files in the cache dir.
Ok I'll consider better reporting in the console as a feature request.
@hiasl - Agree with you that the console output should be clearer, we were bit by the same issue. To revisit your comment about cURL not being configurable though, I just wanted to point you to this section of the Craft config: https://craftcms.com/docs/3.x/config/#guzzle-config
You can tell cURL to ignore invalid SSL by putting the following in config/guzzle.php
:
<?php
return [
'verify' => false
];
Thanks @markdrzy, that should be helpful for others in future!
Thanks @markdrzy!
Added in https://github.com/putyourlightson/craft-blitz/commit/8fe9afc53d77fd5b58bb8188f509948923300eca for the next release.
Released in 3.7.0.
Describe the bug
I use MAMP pro locally for developing with locally signed SSL certificates. Those certificates cause a warning in the browser but seem to prevent cache warming from working as cURL does not like them.
To reproduce
Steps to reproduce the behaviour:
2020-05-09 21:05:59 [][][debug] cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
Expected behaviour
1.) I would expect the cache warmer to fail 2.) It would be very helpful to have some kind of a "allow self signed certificates" config setting in config to be able to work with Blitz AND self signed certificates locally. Maybe even better, if Blitz detects the problem a warning (or warming :-) ) should be shown if in DEV mode, but it should still work even without such a setting.
Versions