Featured image of post Fix PHP Curl Comodo SSL Expired Error with GuzzleHttp verify
PHP Laravel

Fix PHP Curl Comodo SSL Expired Error with GuzzleHttp verify

PHP Curl throws a Comodo RSA SSL expired error on Linux due to missing Root CA. Use GuzzleHttp verify to point to the certificate file, globally or per service.

Problem

When fetching data from a website using Guzzle, I got this error:

1

cURL error 60: SSL certificate problem: certificate has expired

Opening the same URL in Chrome worked fine. Checking the SSL certificate showed it was issued by COMODO RSA Organization Validation Secure Server CA. After some research, I found the Root CA certificate was missing on Linux.

First Attempt

I downloaded the certificate from the Comodo website and placed it under /etc/ssl/certs. Still got the same error.

Final Solution

Specify the certificate path directly in GuzzleHttp:

1
2
3
4

use GuzzleHttp\Client;

$client = new Client(['verify' => '/path/to/cert.pem']);
$client->get('https://xx.xx.xx');

How to Do It in Laravel

If all HTTP requests need this certificate, bind it in AppServiceProvider:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

use GuzzleHttp\Client;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        $this->app->bind(Client::class, function () {
            return new Client(['verify' => '/path/to/cert.pem']);
        });
    }
}

If only a specific service needs it, use contextual binding:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

use App\Services\GithubService;
use GuzzleHttp\Client;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        $this->app->when(GitHubService::class)
            ->needs(Client::class)
            ->give(function () {
                return new Client(['verify' => '/path/to/cert.pem']);
            });
    }
}

This way only the Client injected into GitHubService will include the certificate — other usages remain unaffected.

References