Articles in this section

On Plesk for Linux server, curl command in chrooted shell or in scheduled task fails: curl: (77) error setting certificate verify locations

Gilson Siqueira
Updated
Plesk for Linux kb: technical

Applicable to:

  • Plesk for Linux

Symptoms

  • After upgrading Plesk a scheduled task of the type Run a command with a cURL request created in Subscriptions > example.com > Scheduled Tasks fails with the error:

    PLESK_ERROR: Task "curl -m 15 https://www.example.com/maintenance/cron.php" completed with error in 0 seconds, output:
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    curl: (77) error setting certificate verify locations:
    CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs

  • If the option Domains > example.com > Web Hosting Access > Access to the server over SSH for the subscription's system user is set to /bin/bash (chrooted), executing a curl command in the chrooted shell fails with the same error:

    MYSQL_LIN: $ curl https://google.com
    curl: (77) error setting certificate verify locations:
    CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs

Cause

The CA certificates are not added into the chrooted environment.

Resolution

Both for chrooted shell and scheduled tasks

  1. Connect to the server using SSH.

  2. Create directories for CA certificates in the chroot template:

    # mkdir -p /var/www/vhosts/chroot/etc/ssl/
    # mkdir -p /var/www/vhosts/chroot/usr/lib/
    # mkdir -p /var/www/vhosts/chroot/usr/share/ca-certificates/

  3. Copy the CA certificates to those directories:

    # cp -a /etc/ssl/* /var/www/vhosts/chroot/etc/ssl/
    # cp -a /usr/share/ca-certificates/* /var/www/vhosts/chroot/usr/share/ca-certificates/
    # cp -a /usr/lib/ssl /var/www/vhosts/chroot/usr/lib/*

  4. Update the chroot template by running below commands one by one:

    # curl -o update-chroot.sh https://raw.githubusercontent.com/plesk/kb-scripts/master/update-chroot/update-chroot.sh

    # chmod 700 update-chroot.sh

    # ./update-chroot.sh --apply all

Only for scheduled tasks

Change the shell for executing scheduled tasks:

  • In Plesk interface: go to Tools & Settings > Scheduled Tasks > Settings, change the parameter Crontab shell to /bin/bash, and click OK or Apply to save the changes.

  • In CLI:

    # plesk bin server_pref -u -crontab-secure-shell "/bin/bash"

Was this article helpful?

Comments

1 comment
Date Votes

Please sign in to leave a comment.