Symptoms

The reCAPTCHA module may not able to connect to Google servers. The submission of the captcha causes watchdog errors with cURL enabled.

Technical background:

Googles uses SSL certificates that are signed by a Root Certificate Authority (CA) that may not integrated in most if not all cURL installations. The Guzzle and cURL libraries are typically configured to verify the SSL certificates and refuse the connection if this verification fails. This may be reconfigured with CURL options, but this cannot recommended.

Drupal 6 or Drupal 7

If a contrib module replaced the drupal_http_request() function in Drupal 7.22 or later with it's own function like HTTPRL or cURL you may see http connection failures. It may be difficult to identify the peer certificate cannot be authenticated errors if the library does not log or show these errors.

Drupal 8

Drupal 8 version uses Guzzle Http Client internally, but under the hood it may use cURL or PHP internals. If you installed PHP cURL on your PHP server it typically uses cURL and you may see an exception with error Peer certificate cannot be authenticated with known CA certificates or error code CURLE_SSL_CACERT (60).

Solution:

  1. Download latest cacert.pem from http://curl.haxx.se/docs/caextract.html.
  2. On global PHP level add curl.cainfo = [enter your path]\cacert.pem to your php.ini.
  3. Restart Apache service.

Comments

ykarthikvarma’s picture

ykarthikvarma commented

Still facing the same issue even after following the procedure mentioned

-> Download latest cacert.pem (As txt file) from http://curl.haxx.se/docs/caextract.html
-> Add curl.cainfo = [enter your path]\cacert.pem to your php.ini
-> Restart Apache service

I am using Drupal 8.1.0 on XAMP but the below error keeps on coming

GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in GuzzleHttp\Handler\CurlFactory::createRejection() (line 187 of D:\xampp\htdocs\services_display\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php).

Note: Posted this issue on https://www.drupal.org/node/2654474#comment-11232057 as well

cmurillo’s picture

cmurillo commented

Thanks for your help, greetings.

cilefen’s picture

cilefen commented

reCAPTCHA is not the only Drupal code that can exhibit this problem.

DocDJ-forum’s picture

DocDJ-forum commented

This problem also exists with downloading updates (manual and automatic) in Drupal 8.1.2, wherein Drupal only tries to download tar.gz files, on my Windows systems.

UPDATE (7/20/17): The cacert.pem solution appears to have fixed my problem in both Drupal 7.51 and 8.3.

regards,
DJ

vickey’s picture

vickey commented

I have made below changes to resolve this issue in the local xampp(Drupal 8.3.1) when execute Guzzle GET request in the custom module.

1. On global PHP level add openssl.cafile= [enter your path]\cacert.pem to your php.ini.
2. Restart Apache service.

Please try this if needed.

selinav’s picture

selinav commented

Same problem for me. It doesn't works with

On global PHP level add curl.cainfo= [enter your path]\cacert.pem to your php.ini..
On global PHP level add openssl.cafile= [enter your path]\cacert.pem to your php.ini.
Restart Apache service.

    Failed to fetch file due to error "cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)"
    Downloading updates failed:
        Failed to download devel from https://ftp.drupal.org/files/projects/devel-8.x-1.0-rc2.tar.gz

Any idea ?

thitoo’s picture

thitoo commented

I had got same issue on WAMP Server 3.0.8, PHP Version 5.6.25, Apache 2.4.23 and this solution got fixed for my Drupal 8 Website.

devad’s picture

devad commented

This solution fixed my Drupal 8 site as well.

---------------------------------------------------
Drupal developer. Available for new projects

Nikolino’s picture

Nikolino commented

If you don't have permission to edit the php.ini file, can I do it in other way? es. via setting.php?
Thank you

selinav’s picture

selinav commented

Finally, it waq the firewall of my company that block it!

ravi_admec’s picture

ravi_admec commented

you need just 3 steps!
1. download the cacert.pem file from the given url
2. define in php.ini as said
3. restart wamp

and u r ready to go.

Thanks

Ravi Bhadauria
https://www.admecindia.co.in
https://www.web-development-institute.com
https://www.graphic-design-institute.com
https://www.cadtraininginstitute.com

vineetkumar03’s picture

vineetkumar03 commented

download via http://curl.haxx.se/ca/cacert.pem
save under E:\xampp\apache\bin\cacert.pem
open php.ini
add following lines:
curl.cainfo=E:\xampp\apache\bin\cacert.pem
Restart Apache

edvanleeuwen’s picture

edvanleeuwen
Primary language Dutch
Location Waalwijk
commented

There is an instruction from RH to update the CA: https://access.redhat.com/solutions/1549003

Best regards,

Ed