After you installed a new SSL certificate on AWS, your PHP cURL requests (used for DB/API communication) stopped working. This usually happens because of certificate validation issues or misconfiguration of SSL/TLS.
Step 1: Test Your SSL
Run this on your AWS instance:
curl -Iv https://your-domain.com
If you see:
SSL certificate problem: unable to get local issuer certificate
→ You need to update your CA certificates.
Step 2: Update CA Certificates on AWS
For Ubuntu/Debian:
sudo apt-get update
sudo apt-get install ca-certificates
sudo update-ca-certificates
For Amazon Linux:
sudo yum update -y
sudo yum install ca-certificates -y
sudo update-ca-trust force-enable
sudo update-ca-trust extract
Step 3: Fix cURL in PHP
In your PHP script where you do curl_setopt, make sure you’re not disabling SSL verification unless testing.
Example:
$ch = curl_init("https://your-domain.com/api/endpoint");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// ✅ Enforce SSL check
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// Optionally set CA path if needed
// curl_setopt($ch, CURLOPT_CAINFO, "/etc/ssl/certs/ca-bundle.crt");
$response = curl_exec($ch);
if ($response === false) {
    echo "cURL Error: " . curl_error($ch);
}
curl_close($ch);
Step 4: Check Security Groups / NACL
Make sure the AWS Security Group (and any network ACL) allows HTTPS (443) traffic inbound and outbound.
Step 5: Debug
Add this before executing:
var_dump(curl_version());
Check that the ssl_version entry (the TLS library cURL was built against) is recent enough to support what your server requires (e.g., TLS 1.2+).
If your cURL error is:
cURL Error: SSL certificate problem: unable to get local issuer certificate
it means PHP/cURL cannot validate the SSL certificate chain.
Fix Options
1. Update CA Certificates on AWS
If you’re on Ubuntu/Debian:
sudo apt-get update
sudo apt-get install ca-certificates -y
sudo update-ca-certificates
If you’re on Amazon Linux / RHEL:
sudo yum update -y
sudo yum install ca-certificates -y
sudo update-ca-trust force-enable
sudo update-ca-trust extract
This ensures /etc/ssl/certs/ca-bundle.crt is up to date.
2. Explicitly Tell PHP/cURL Where CA File Is
In your PHP code:
$ch = curl_init("https://www.infosectrain.com/my-admin/send_email_event.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// Point to the CA bundle (path may differ by OS/PHP version)
curl_setopt($ch, CURLOPT_CAINFO, "/etc/ssl/certs/ca-bundle.crt");
// OR
// curl_setopt($ch, CURLOPT_CAPATH, "/etc/ssl/certs");
$response = curl_exec($ch);
if ($response === false) {
    echo "cURL Error: " . curl_error($ch);
}
curl_close($ch);
3. Quick Test (Not Recommended for Production 🚨)
If you just want to test and bypass SSL check:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
⚠️ Use this only temporarily — it makes the connection insecure.
4. Verify Your Certificate Chain
Run:
echo | openssl s_client -connect www.infosectrain.com:443 -servername www.infosectrain.com
Check for:
Verify return code: 0 (ok)
If not, your SSL cert may be missing intermediate certificates → you’ll need to reconfigure SSL on your server (upload full chain .crt including intermediates).
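To see why a missing intermediate produces exactly this error, the following added example (not part of the original page) builds a throwaway root CA, intermediate CA and leaf certificate with openssl, then verifies the leaf the way a client does, first with only the leaf presented and then with the full chain. All subjects, file names and the temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is throwaway test data.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_key_and_csr NAME CN: RSA key plus signing request under $WORK
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# Build root CA -> intermediate CA -> leaf, each valid for one day.
# fullchain.crt is what the server should serve: leaf first, then intermediates.
build_chain() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"
    new_key_and_csr root "Constructed Root CA" &&
    new_key_and_csr int "Constructed Intermediate CA" &&
    new_key_and_csr leaf "leaf.example.test" &&
    openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" \
        -extfile "$WORK/ca.ext" -days 1 -out "$WORK/root.crt" 2>/dev/null &&
    openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
        -set_serial 2 -extfile "$WORK/ca.ext" -days 1 -out "$WORK/int.crt" 2>/dev/null &&
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/int.crt" -CAkey "$WORK/int.key" \
        -set_serial 3 -days 1 -out "$WORK/leaf.crt" 2>/dev/null &&
    cat "$WORK/leaf.crt" "$WORK/int.crt" > "$WORK/fullchain.crt"
}

# Client trusts only the root; the server sent just the leaf (intermediate missing).
# "|| true": callers match on the message text, not the exit status.
verify_leaf_only() {
    openssl verify -CAfile "$WORK/root.crt" "$WORK/leaf.crt" 2>&1 || true
}

# Same trust store, but the server sent the full chain.
verify_full_chain() {
    openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/fullchain.crt" \
        "$WORK/leaf.crt" 2>&1 || true
}

build_chain || { echo "openssl chain setup failed" >&2; exit 1; }
echo "--- leaf only (intermediate missing) ---"; verify_leaf_only
echo "--- full chain ---"; verify_full_chain
```

The client's CA bundle is identical in both runs; only what the server presents changes, which is why refreshing CA certificates on the client does not help when the server omits its intermediates.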