Reprocedure
Write about this
https://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html
Context: https://curl.se/docs/sslcerts.html
https://kb.vmware.com/s/article/78471
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
The full description
https://kb.vmware.com/s/article/78471
DBT https://github.com/dbt-labs/dbt-core/issues/4909
=== ref: https://www.howtouselinux.com/post/exploring-unable-to-get-local-issuer-certificate
openssl s_client -connect google.com:443 -servername google.com
==== try 5: openssl verify -CAfile ca.pem cert.pem
https://www.howtouselinux.com/post/exploring-unable-to-get-local-issuer-certificate
curl https://vsd.vn/en/tra-cuu-thong-ke/TK_MASO_GDCKNDTNN?tab=5
requests.get('https://kb.vmware.com/s/article/78471')
requests.exceptions.SSLError: HTTPSConnectionPool(host='vsd.vn', port=443): Max retries exceeded with url: /en/tra-cuu-thong-ke/TK_MASO_GDCKNDTNN?tab=5 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
Context for this error:
https://curl.se/docs/sslcerts.html
openssl s_client -showcerts -servername vsd.vn -connect vsd.vn:443 > cacert.pem
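An added example (not from these notes or any of the linked pages): a small Python parser for the output of the `openssl s_client -showcerts` command above. It lists the subject/issuer pairs the server actually sent and keeps only the PEM blocks, since redirecting the raw output into cacert.pem also saves the handshake text. The sample output, host and CA names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output. Host and CA names
# are made up and the PEM body is a placeholder, not a real certificate.
SAMPLE = """CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.test
   i:C = XX, O = Example Trust, CN = Example Issuing CA 1
-----BEGIN CERTIFICATE-----
PLACEHOLDERBASE64
-----END CERTIFICATE-----
---
    Verify return code: 20 (unable to get local issuer certificate)
"""

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
CHAIN_RE = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.M)
CODE_RE = re.compile(r"Verify return code: (\d+)")


def parse_chain(text):
    """Return [(depth, subject, issuer)] from the 'Certificate chain' section."""
    return [(int(d), s.strip(), i.strip()) for d, s, i in CHAIN_RE.findall(text)]


def extract_pem(text):
    """Return only the PEM blocks, dropping the handshake text around them."""
    return PEM_RE.findall(text)


def diagnose(text):
    """Classify the chain the server sent, using the topmost certificate."""
    chain = parse_chain(text)
    if not chain:
        return "no certificate chain in output"
    code = CODE_RE.search(text)
    if code and code.group(1) == "0":
        return "chain verifies against OpenSSL's CA store"
    _, subject, issuer = chain[-1]
    if len(chain) == 1 and subject == issuer:
        return "self-signed leaf: confirm which host answered before trusting it"
    if subject == issuer:
        return f"root '{subject}' was sent but is not in the local CA store"
    return (f"nothing supplied issuer '{issuer}': add it to the server's chain "
            "(intermediate) or to the local CA store (root)")


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Writing `"\n".join(extract_pem(output))` to a file gives a bundle that contains certificates only.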
Fix
import certifi
certifi.where()
yum install -y ca-certificates
update-ca-trust force-enable
sudo ln -s /etc/ssl/your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem
update-ca-trust
sudo cp /home/data_pt/.local/lib/python3.9/site-packages/certifi/cacert.pem /etc/pki/ca-trust/source/anchors/
Ref:
https://stackoverflow.com/questions/37043442/how-to-add-certificate-authority-file-in-centos-7
Test with Nguyen in this
ref: https://stackoverflow.com/questions/24611640/curl-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate
My case was different. I'm hosting a site behind a firewall. The error was caused by pfSense.
Network layout: |Web Server 10.x.x.x| <-> |pfSense 49.x.x.x| <-> |Open Internet|
I accidentally found the cause, thanks to this answer.
All is well when I accessed my site from WAN.
However, when the site was accessed from inside LAN (e.g. when WordPress made a curl request to its own server, despite using the WAN IP 49.x.x.x), it was served the pfSense login page.
I identified the certificate as pfSense webConfigurator Self-Signed Certificate. No wonder curl threw an error.
Cause: What happened was that curl was using the site's WAN IP address 49.x.x.x. But, in the context of the web server, the WAN IP was the firewall.
Debug: I found that I was getting the pfSense certificate.
Solution: On the server hosting the site, point its own domain name to 127.0.0.1
By applying the solution, curl's request was properly handled by the web server, and not forwarded to the firewall which responded by sending the login page.
https://github.com/dbt-labs/dbt-core/issues/4909
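import requests

# Print the IP and port that actually answered, to see which host serves the certificate.
try:
    with requests.get("https://vsd.vn", stream=True) as rsp:
        ip, port = rsp.raw._connection.sock.getpeername()
        print(ip, port)
except requests.exceptions.SSLError:
    print("except")
    # Diagnostic only: verify=False skips certificate verification.
    with requests.get("https://vsd.vn", stream=True, verify=False) as rsp:
        ip, port = rsp.raw._connection.sock.getpeername()
        print(ip, port)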
Follow this: https://appdividend.com/2022/06/01/python-certifi/
Click on http://curl.haxx.se/ca/cacert.pem and download cacert.pem. After that, copy cacert.pem to openssl/zend, like '/usr/local/openssl-0.9.8/certs/cacert.pem'. Finally, navigate to the php.ini file and modify CURL: add "cainfo = '/usr/local/openssl-0.9.8/certs/cacert.pem'". Restart PHP. Confirm that CURL can now read the HTTPS URL.
More detail: https://github.com/psf/requests/issues/6071
====
Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
https://github.com/psf/requests/blob/main/HISTORY.md#2280-2022-06-09
Update > 2.28 will do the trick
====
https://bidhankhatri.com.np/system/enable-tls-1.3/
====