Fresh 22.04 install. SSL errors when trying to download files

Steve

6/28/24, 1:42 PM

New to Ubuntu but have some RHEL experience. On a fresh 22.04 install attempting to pull a file using...

php -r "copy('https://somesite.com/file.txt', 'mylocalfile.txt');"

I get the following error...

PHP Warning: copy(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A0000:SSL routines::certificate verify failed in Command line code on line 1
PHP Warning: copy(): Failed to enable crypto in Command line code on line 1
PHP Warning: copy('https://somesite.com/file.txt', 'mylocalfile.txt');: Failed to open stream: operation failed in Command line code on line 1.

This happens with any site. I tried downloading the server cert and placing it in /etc/ssl/certs/ca-certificates but no luck. I'm also getting similar errors when trying to do https file downloads.

I can use wget with --no-check-certificate but I need to get it to work without bypassing security. I'm assuming this is an easy fix but being new to Ubuntu is making it more complex than it should be.

Any suggestions would be greatly appreciated.

enter image description here

0 + 4

php

ssl

openssl

Thomas Ward

6/28/24, 2:57 PM

Can you do me a favor and run `curl https://ipinfo.io/ip` and see what the output is and if you receive SSL errors? When running things in PHP, the PHP command line might not properly be importing the proper SSL contexts, so testing via cURL won't hurt but will help test the certificate verification on your system. It sounds like you have a broken certificates install. Seeing the output of cURL or such will give us potentially more info than the PHP warnings.

Steve

6/28/24, 4:42 PM

This is the result... # curl https://ipinfo.io/ip curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled

Thomas Ward

6/28/24, 4:46 PM

Is there some type of proxy in line between your system and the Internet? Unsafe renegotiation disabled suggests something's eating your connection in an insecure way, which may *also* explain your certificate chain issues if your proxy uses its own CA / certificate to show 'valid certs' for every domain.

Steve

6/28/24, 4:48 PM

There is no proxy I am aware of.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Fresh 22.04 install. SSL errors when trying to download files

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.