I am getting the following error using curl: curl: (77) error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none How do I set this certificate verify locations? Nimantha6,4846 gold badges31 silver badges76 bronze badges asked Jul 1, 2010 at 19:08 moorecatsmoorecats3,4924 gold badges22 silver badges23 bronze badges 6 I also had the newest version of ca-certificates installed but was still getting the error: curl: (77) error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none The issue was that curl expected the certificate to be at the path /etc/pki/tls/certs/ca-bundle.crt but could not find it because it was at the path /etc/ssl/certs/ca-certificates.crt. Copying my certificate to the expected destination by running sudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt worked for me. You will need to create folders for the target destination if they do not exist by running sudo mkdir -p /etc/pki/tls/certs If needed, modify the above command to make the destination file name match the path expected by curl, i.e. replace /etc/pki/tls/certs/ca-bundle.crt with the path following "CAfile:" in your error message. answered May 10, 2015 at 18:02 Scott EmmonsScott Emmons1,8913 gold badges13 silver badges9 bronze badges 3 This error is related to a missing package: ca-certificates. Install it. In Ubuntu Linux (and similar distro): # apt-get install ca-certificates In CygWin via Apt-Cyg # apt-cyg install ca-certificates In Arch Linux (Raspberry Pi) # pacman -S ca-certificates The documentation tells: This package includes PEM files of CA certificates to allow SSL-based applications to check for the authenticity of SSL connections. As seen at: Debian -- Details of package ca-certificates in squeeze Ionică Bizău114k94 gold badges310 silver badges487 bronze badges answered Nov 15, 2012 at 15:41 Rubens MariuzzoRubens Mariuzzo29.3k27 gold badges123 silver badges149 bronze badges 12 Put this into your .bashrc # fix CURL certificates path export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt (see comment from Robert) answered Jun 25, 2015 at 20:43 6 Create a file ~/.curlrc with the following content cacert=/etc/ssl/certs/ca-certificates.crt as follows echo "cacert=/etc/ssl/certs/ca-certificates.crt" >> ~/.curlrc answered Jul 15, 2015 at 8:13 prabeeshprabeesh9459 silver badges11 bronze badges 4 The quickest way to get around the error is add on the -k option somewhere in your curl request. That option "allows connections to SSL cites without certs." (from curl --help) Be aware that this may mean that you're not talking to the endpoint you think you are, as they are presenting a certificate not signed by a CA you trust. For example: $ curl -o /usr/bin/apt-cyg https://raw.github.com/cfg/apt-cyg/master/apt-cyg gave me the following error response: curl: (77) error setting certificate verify locations: CAfile: /usr/ssl/certs/ca-bundle.crt CApath: none I added on -k: curl -o /usr/bin/apt-cyg https://raw.github.com/cfg/apt-cyg/master/apt-cyg -k and no error message. As a bonus, now I have apt-cyg installed. And ca-certificates. answered Jun 23, 2013 at 22:32 10gistic10gistic5653 silver badges13 bronze badges 7 From $ man curl: --cert-type (SSL) Tells curl what certificate type the provided certificate is in. PEM, DER and ENG are recognized types. If not specified, PEM is assumed. If this option is used several times, the last one will be used. --cacert (SSL) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file for this, so this option is typically used to alter that default file. Mark Fox8,9249 gold badges56 silver badges77 bronze badges answered Mar 29, 2012 at 13:03 @roens is correct. This affects all Anaconda users, with below error curl: (77) error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none The workaround is to use the default system curl and avoid messing with the prepended Anaconda PATH variable. You can either Rename the Anaconda curl binary :) mv /path/to/anaconda/bin/curl /path/to/anaconda/bin/curl_anaconda OR remove Anaconda curl conda remove curl $ which curl /usr/bin/curl [0] Anaconda Ubuntu curl Github issue https://github.com/conda/conda-recipes/issues/352 answered Jun 14, 2016 at 6:41 1 If anyone is still having trouble, try this, it worked for me. Delete the files in your /etc/ssl/certs/ directory then reinstall ca-certificates: sudo apt install ca-certificates --reinstall Did this when I tried installing Linuxbrew. brian d foy133k31 gold badges212 silver badges605 bronze badges answered Nov 24, 2019 at 22:36 2 Another alternative to fix this problem is to disable the certificate validation: echo insecure >> ~/.curlrc answered Aug 12, 2015 at 15:31 Pablo R. MierPablo R. Mier7571 gold badge8 silver badges14 bronze badges 1 I had the exact same problem. As it turns out, my /etc/ssl/certs/ca-certificates.crt file was malformed. The last entry showed something like this: -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIJAN..lots of certificate text....AwIBAgIJAN-----END CERTIFICATE----- After adding a newline before -----END CERTIFICATE-----, curl was able handle the certificates file. This was very annoying to find out since my update-ca-certificates command did not give me any warning. This may or may not be a version specific problem of curl, so here is my version, just for completeness: curl --version # curl 7.51.0 (x86_64-alpine-linux-musl) libcurl/7.51.0 OpenSSL/1.0.2j zlib/1.2.8 libssh2/1.7.0 # Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp # Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets answered Dec 21, 2016 at 13:51 ShrimpPhaserShrimpPhaser3,5071 gold badge24 silver badges22 bronze badges 0 For PHP code running on XAMPP on Windows I found I needed to edit php.ini to include the below [curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. curl.cainfo = curl-ca-bundle.crt and then copy to a file https://curl.haxx.se/ca/cacert.pem and rename to curl-ca-bundle.crt and place it under \xampp path (I couldn't get curl.capath to work). I also found the CAbundle on the cURL site wasn't enough for the remote site I was connecting to, so used one that is listed with a pre-compiled Windows version of curl 7.47.1 at http://winampplugins.co.uk/curl/ answered Mar 12, 2016 at 10:18 LJTLJT1,2893 gold badges20 silver badges25 bronze badges 1 This worked for me sudo apt-get install ca-certificates then go into the certificates folder at sudo cd /etc/ssl/certs then you copy the ca-certificates.crt file into the /etc/pki/tls/certs sudo cp ca-certificates.crt /etc/pki/tls/certs if there is no tls/certs folder: create one and change permissions using chmod 777 -R folderNAME Opal85k29 gold badges200 silver badges218 bronze badges answered Mar 16, 2015 at 12:52 2 curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. for example curl --insecure http://........ answered Oct 8, 2014 at 15:27 medameda45.5k14 gold badges95 silver badges123 bronze badges 1 It seems your curl points to a non-existing file with CA certs or similar. For the primary reference on CA certs with curl, see: https://curl.se/docs/sslcerts.html answered Jul 1, 2010 at 21:52 Daniel StenbergDaniel Stenberg58.4k19 gold badges159 silver badges232 bronze badges Just create the folders, which is missing in your system.. /etc/pki/tls/certs/ and create the file using the following command, sudo apt-get install ca-certificates and then copy and paste the certificate to the destination folder, which is showing in your error.. mine was " with message 'error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none' in " make sure you paste the file to the exact location mentioned in the error. Use the following command to copy paste.. sudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt Fixed. answered Mar 18, 2019 at 6:56 Manu R SManu R S9809 silver badges6 bronze badges 1 I came across this curl 77 problem while was trying to access elasticsearch running in docker container on Ubuntu 20.04 localhost. Afrer container was started: Check curl without ssl: curl --cacert http_ca.crt -u elastic https://localhost:9200 -k lowercase -k for insecure connection. Check curl configs: curl-config --configure, noticed what is ca-bundle: --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt. Copy http_ca.crt file from container to:/usr/local/share/ca-certificates/, original command is here. Run update on ca-certificates: sudo update-ca-certificates. Run curl: curl -u elastic: https://localhost:9201. Finally got response with "tagline" : "You Know, for Search". Change to the one that was generated when Docker Image was run. Also notice that on my machine elastic was started on port 9201 (don't know why: sudo ss -tlpn | grep 9200 gives me nothing), I have found the port with: sudo netstat -ntlp and Programm name was docker-proxy. answered Jun 7, 2022 at 15:53 dobhareachdobhareach3445 silver badges7 bronze badges I've got the same problem : I'm building an alpine based docker image, and when I want to curl to a website of my organisation, this error appears. To solve it, I have to get the CA cert of my company, then, I have to add it to the CA certs of my image. Get the CA certificate Use OpenSSL to get the certificates related to the website : openssl s_client -showcerts -servername my.company.website.org -connect my.company.website.org:443 This will output something like : CONNECTED(00000005) depth=2 CN = UbisoftRootCA verify error:num=19:self signed certificate in certificate chain ... -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ... Get the last certificate (the content between the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- markups included) and save it into a file (mycompanyRootCA.crt for example) Build your image Then, when you'll build your docker image from alpine, do the following : FROM alpine RUN apk add ca-certificates curl COPY mycompanyRootCA.crt /usr/local/share/ca-certificates/mycompanyRootCA.crt RUN update-ca-certificates Your image will now work properly! CDspace2,68919 gold badges32 silver badges39 bronze badges answered Nov 19, 2019 at 10:32 alphayaxalphayax3,1102 gold badges26 silver badges28 bronze badges I used to get this error when run composer update And I tried all the commands to reinstall the cert file, but the problem was not solved. I realized that the error is due to permission So the problem was solved with this command cd /etc/ssl sudo chmod 755 -R certs/ answered Apr 24, 2023 at 13:54 fatemeh sadeghifatemeh sadeghi2,6231 gold badge15 silver badges15 bronze badges For what it's worth, checking which curl is being run is significant too. A user on a shared machine I maintain had been getting this error. But the cause turned out to be because they'd installed Anaconda (http://continuum.io). Doing so put Anaconda's binary path before the standard $PATH, and it comes with its own curl binary, which had trouble finding the default certs that were installed on this Ubuntu machine. answered Dec 10, 2015 at 19:47 roensroens3522 silver badges9 bronze badges 1 Just find this solution works perfectly for me. echo 'cacert=/etc/ssl/certs/ca-certificates.crt' > ~/.curlrc I found this solution from here answered Apr 17, 2020 at 4:32 DanielDaniel3854 silver badges13 bronze badges Run following command in git bash that works fine for me git config --global http.sslverify "false" answered Jun 19, 2017 at 18:25 NivirNivir31.2k9 gold badges45 silver badges56 bronze badges 0 I use MobaXterm which intern uses Cygwin so even after installing ca-certificates using apt-cyg install ca-certificates problem didn't resolve. I was still getting the following error: curl: (77) error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none Then I tried listing the file /etc/ssl/certs/ca-certificates.crt and I couldn't find it. However I could find /usr/ssl/certs/ca-bundle.crt with all standard CA certificates so I copied the file /usr/ssl/certs/ca-bundle.crt as /etc/ssl/certs/ca-certificates.crt and problem got resolved. answered May 24, 2021 at 16:26 In my case (on Mac) I had a /etc/ssl/cert_new.pem instead of the default cert filename /etc/ssl/cert.pem. So I run sudo cp cert_new.pem cert.pem and all the ssl issues fixed. answered Jul 24, 2024 at 19:27 menepetmenepet88215 silver badges19 bronze badges In my case, it was a permission issue try sudo curl ..... answered Feb 28, 2023 at 8:59 MaverickMaverick1,18716 silver badges44 bronze badges Start asking to get answers Find the answer to your question by asking. Ask question Explore related questions See similar questions with these tags.