I recently updated my certificates using certify the web, and after that I get errors trying to access APIs using PHP and curl.
Server is Windows 11/Apache 2.4.65/PHP 8.4.12.
Error messages are either ‘self-signed certificate in certificate chain’ or ‘unable to get local issuer certificate’, depending on which API I try to use.
Any Ideas?
This means your apache config is not pointing to the latest certificate files and instead they are pointing to the default self signed certificates that exist on your machine.
Certify Certificate Manager does not update your apache config, it just renews certificates and optionally exports those certificates as files you can use for specific apps (like Apache), if you configure it to do so.
You should review your apache config for ssl to see which files they point to.
Thank you for your response!
My httpd.conf file contains these lines:
SSLEngine on
SSLCertificateFile ./cert/lparker/certificate.crt
SSLCertificateKeyFile ./cert/lparker/private.key
SSLCertificateChainFile ./cert/lparker/ca_bundle.crt
which do point to the cert files that were installed automatically by the certify the web deployment. And, this did work before the latest cert renewal. I have not made any changes to the apache config. I have done renewals for this site before and not had a problem. There is a 4th file that was installed at the same time as the other three called cacert.pem, but I find no reference to it in the apache config file.
You should review your deployment task parameter configuration (for the Deploy to Apache to Deploy to Generic Server task) in Certify to ensure those are the files it is exporting.