Discussion:
curl reports SSL certificate problem
TC Haddad
2018-08-03 03:22:52 UTC
hello,

I could use some advice on where to look for a solution. I recently
installed an SSL certificate from GoDaddy on my server, and have been
working my way through various issues that have occurred as a result.

At first I had an intermediate chain problem, but seem to have resolved it,
at least according to the tests at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.coastalatlas.net
Which now reports an "A" grade and no certificate chain errors.

However I do have a service that is using curl to fetch from another
service (both on the same server), and this service has been reporting
errors from curl, e.g.:
https://www.coastalatlas.net/mapcache/wmts/1.0.0/cz-poly/default/oca/5/11/4.png

The progress on the errors went like this:

- First it was reporting the chain problem. Once the chain problem was
resolved,
- Next it complained that a certificate was self-signed (it is true that
the GoDaddy root certificate is self-signed).
- Now I've removed the root certificate anchor from the chain, and the curl
error is "unable to get local issuer certificate" (even though the chain is
reported as ok in the tests above).

So I'm at a bit of a loss where to look next. Any suggestions? Is there a
way for curl to recognize the GoDaddy root certificate as legitimate?

(this is Apache 2.4.33, curl 7.59.0)
Norton, Mike
2018-08-07 16:58:20 UTC
Depending on how your curl was compiled, it will likely use the CA store of your system to look for trusted CAs. Make sure the GoDaddy root certificate is there. Or, just give curl the GoDaddy root certificate directly with the --cacert option.

-mn


From: curl-users [mailto:curl-users-***@cool.haxx.se] On Behalf Of TC Haddad
Sent: August 2, 2018 9:23 PM
To: curl-***@cool.haxx.se
Subject: curl reports SSL certificate problem


hello,

I could use some advice on where to look for a solution. I recently installed an SSL certificate from GoDaddy on my server, and have been working my way through various issues that have occurred as a result.

At first I had an intermediate chain problem, but seem to have resolved it, at least according to the tests at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.coastalatlas.net
Which now reports an "A" grade and no certificate chain errors.

However I do have a service that is using curl to fetch from another service (both on the same server), and this service has been reporting errors from curl, e.g.: https://www.coastalatlas.net/mapcache/wmts/1.0.0/cz-poly/default/oca/5/11/4.png

The progress on the errors went like this:

- First it was reporting the chain problem. Once the chain problem was resolved,
- Next it complained that a certificate was self-signed (it is true that the GoDaddy root certificate is self-signed).
- Now I've removed the root certificate anchor from the chain, and the curl error is "unable to get local issuer certificate" (even though the chain is reported as ok in the tests above).

So I'm at a bit of a loss where to look next. Any suggestions? Is there a way for curl to recognize the GoDaddy root certificate as legitimate?

(this is Apache 2.4.33, curl 7.59.0)
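
The last two error stages described in this thread, and the `--cacert` fix, can be reproduced offline with OpenSSL's verifier, whose error strings an OpenSSL-backed curl relays. This is an added example, not code from either poster; the three-certificate chain, its names and the file names are constructed, and an `openssl` binary on the PATH is assumed.

```sh
#!/bin/sh
# Constructed chain root -> intermediate -> leaf; all names are made up.

# make_chain DIR: write root.pem, int.pem, leaf.pem (and their keys) into DIR.
make_chain() {
    d=$1
    # Minimal config so the example does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    {
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
            -extensions v3_ca -subj "/CN=Constructed Root CA" \
            -keyout "$d/root.key" -out "$d/root.pem" &&
        openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
            -subj "/CN=Constructed Intermediate CA" \
            -keyout "$d/int.key" -out "$d/int.csr" &&
        openssl x509 -req -in "$d/int.csr" -days 2 -CA "$d/root.pem" -CAkey "$d/root.key" \
            -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -out "$d/int.pem" &&
        openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
            -subj "/CN=leaf.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
        openssl x509 -req -in "$d/leaf.csr" -days 2 -CA "$d/int.pem" -CAkey "$d/int.key" \
            -CAcreateserial -out "$d/leaf.pem" &&
        cat "$d/int.pem" "$d/root.pem" > "$d/int_plus_root.pem"
    } >/dev/null 2>&1
}

# verify_code ARGS...: print OpenSSL's verify error number (0 = chain verified).
verify_code() {
    out=$(openssl verify "$@" 2>&1) && { echo 0; return 0; }
    printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

d=$(mktemp -d) && make_chain "$d" || exit 1
# Server sends leaf + intermediate, client store lacks the root: error 20,
# "unable to get local issuer certificate".
echo "root not in trust store:        $(verify_code -untrusted "$d/int.pem" "$d/leaf.pem")"
# Server also sends the root, but sending it does not make it trusted: error 19,
# "self-signed certificate in certificate chain".
echo "root sent by server, untrusted: $(verify_code -untrusted "$d/int_plus_root.pem" "$d/leaf.pem")"
# Client is given the root as a trust anchor, as curl --cacert root.pem would do: 0.
echo "root supplied as trust anchor:  $(verify_code -CAfile "$d/root.pem" -untrusted "$d/int.pem" "$d/leaf.pem")"
rm -rf "$d"
```

In each call, `-untrusted` stands in for what the server sends in the handshake and `-CAfile` for what the client already trusts locally.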
