Why cacert.pem file is being overwritten with old certificate permanently?

Question

PHP cURL certificate cacert.pem located in "%plesk_dir%\Additional\PHPSettings" has been manually uploaded from external URL (like https://curl.haxx.se/ca/cacert.pem)

However, after a few days it was overwritten with old certificate, why?

Answer

PHP Curl certificate "%plesk_dir%\Additional\PHPSettings\cacert.pem" is being updated during execution of Daily Maintenance task. As a default it is exported from CA and ROOT Windows certificate stores. It overwrites manually uploaded cacert.pem file.

If it is necessary to have this file downloaded from external URL, like https://curl.haxx.se/ca/cacert.pem , then external URL have to be specified in "%plesk_dir%\admin\conf\panel.ini" file as follows:

1. Log in to the server via RDP
2. open panel.ini file with text editor. If there is no such file, copy it from a sample file - panel.ini.sample
3. add the following lines to the end of the file:

   CONFIG_TEXT: [php]
   curlCertificatesUrl = https://curl.haxx.se/ca/cacert.pem

The certificate will be updated during next execution of DailyMaintenance script. Or it can be updated manually, be executing the command below in command prompt:

C:\> "%plesk_cli%\repair" --update-php-curl-certificates