cURL and file_get_contents Functions Stop Working With SSL in cPanel

PHP.ini File

There’s an issue that suddenly started affecting websites on May 30, 2020 that breaks cURL and file_get_contents. This has to do with how cPanel handles external SSL requests, even if you have an installed (and properly working) SSL certificate.

Here are some of the errors you may see in your error_log file:

PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

file_get_contents(): Failed to enable crypto

file_get_contents(https://example.com): failed to open stream

You can read more about cPanels official statement here: https://support.cpanel.net/hc/en-us/articles/360049424193-PHP-Functions-failing-due-to-invalid-SSL

Well, I applied their hotfix, and it didn’t do anything.

After messing with my sites for 6 hours, I found that the simple fix is adding a single line to your PHP.ini file.

  • If you’re using WHM with cPanel, open MultiPHP INI Editor.
  • Then, click editor mode.
  • In a new line under [PHP], paste this line: openssl.cafile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  • Click save
  • Reboot your server

This is the location of my TLS CA Bundle on CentOS 7, but depending on your operating system, it may be in another directory, in which case you’d have to modify this line a bit.

For example, on some servers, this file may be here:

  • /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  • /usr/local/etc/openssl/cert.pem

I hope this helps somebody. I told my host about it and they said several other customers were having the same issue and they were grateful that I shared this information as they had no clue how to fix it.

 

 

Comments:

  1. Jeremy Allison says:

    I just removed Php 72

Leave a Reply

Copyright 2020, All rights reserved. Yadda yadda.