Applicable to:
- Plesk for Windows
Symptoms
-
A website shows the following error:
CONFIG_TEXT: cURL error (77): Problem with the SSL CA cert (path? access rights?)cURL error (77): Problem with the SSL CA cert (path? access rights?)
OR
CONFIG_TEXT: Error : "error setting certificate verify locations: CAfile: C:\Parallels\Plesk\Additional\PHPSettings\cacert.pem CApath: none"
-
Website's PHP scripts may fail with the same error.
-
Plesk > Extensions may show the following error when trying to open it:
PLESK_ERROR: error setting certificate verify locations: CAfile: C:\Program Files (x86)\Plesk\admin\conf\cacert.pem CApath: none
Cause
PHP cURL uses an outdated set of root certificates to verify server certificates.
Resolution
-
Install
Panel.ini Editor
extension: Extensions > Server Tools section > Panel.ini Editor. -
Go to Extensions > My Extensions > Panel.ini Editor (Go To Extension) > Editor.
-
Add records below to the editor and Save changes:
CONFIG_TEXT: [php]
curlCertificatesUrl="http://curl.haxx.se/ca/cacert.pem" -
Wait till Daily task is executed(It's executed once a day).
-
Go to Domains > example.com > PHP Settings and add the line below into to Additional configuration directives. Replace path to
cacert.pem
with your own path.CONFIG_TEXT:
curl.cainfo="C:\Program Files (x86)\Plesk\Additional\PHPSettings\cacert.pem"
If it is required to apply the changes for all the domains using a particular PHP version go to Tools & Settings > PHP Settings> %php_version%, click on php.ini tab and add the aforementioned line:
-
Log into the server via RDP
-
Open
%plesk_dir%admin\conf\panel.ini
file (create it if does not exist)Note: %plesk_dir% by default is C:\Program Files (x86)\Plesk\
-
Add below directive to
panel.ini
.CONFIG_TEXT: [php]
curlCertificatesUrl="http://curl.haxx.se/ca/cacert.pem -
Download the
cacert.pem
file from the main curl website http://curl.haxx.se/ca/cacert.pem -
Place downloaded cacert.pem to
%plesk_dir%
Additional\PHPSettings\
directory. -
Wait till Daily task is executed(It's executed once a day).
Additional information
Why cacert.pem file is being overwritten with old certificate permanently?
Comments
7 comments
Is there a scheduled task which replaces the cacert.pem every night? Because if I replace the file with one I recently downloaded, all is working fine. But after one day the same error is existing again. Only replacing again helps.
@Fabian, Yes. Take a look at https://support.plesk.com/hc/en-us/articles/115003221993-Why-cacert-pem-file-is-being-overwritten-with-old-certificate-permanently-
You the best!!!!!!!
Anything for Centos 7 on this issue?
Same problem but with centOS, what is the solution for centOS?
Many thanks!
@Kevin Houghton from Web Enthusiasts, @Alessandro Diamantakidis,
For the particular domain:
1. Connect to the server using SSH.
2. Download the CA certificate store from the official cURL website and move it to the directory
/etc/ssl/certs/
:3. Log into Plesk.
4. Go to Domains > example.com > PHP Settings.
5. Add the following line into the field Additional configuration directives:
6. Click OK or Apply to save the changes.
For all domains under particular PHP version:
1. Log into Plesk.
2. Go to Tools & Settings > PHP Settings > select the required PHP_version > php.ini.
3. Add the following line into the end of the field:
@Anzhelika Khapaknysh
It worked for me !
Thanks a lot dear Anzhelika.
Please sign in to leave a comment.