Archive.php unable to get local issuer certificate


#1

I have a problem when trying to run the archive.php file from my browser.

If I do a fresh install and only load piwik or archive.php under HTTP it works fine. As soon as I access piwik from HTTPS and then try to load the archive.php again it fails with the error regardless of using HTTP or HTTPS:

I have a valid SSL certificate that I paid for. It is not self signed.

INFO [2014-09-12 17:54:28] [7cb59] ---------------------------
INFO [2014-09-12 17:54:28] [7cb59] INIT
INFO [2014-09-12 17:54:28] [7cb59] Piwik is installed at: https://www.mysite.com/piwik/index.php
INFO [2014-09-12 17:54:28] [7cb59] Running Piwik 2.6.1 as Super User
ERROR [2014-09-12 17:54:29] [7cb59] The Piwik URL https://www.mysite.com/piwik/index.php does not seem to be pointing to a Piwik server. Response was ‘Got invalid response from API request: https://www.mysite.com/piwik/index.php?module=API&method=API.getDefaultMetricTranslations&format=original&serialize=1&trigger=archivephp. Response was ‘curl_exec: SSL certificate problem: unable to get local issuer certificate. Hostname requested was: www.mysite.com’’.

When I put an updated cacert.pem in the /piwik/core/DataFiles directory, the error changes to:

INFO [2014-09-12 18:06:06] [63efc] ---------------------------
INFO [2014-09-12 18:06:06] [63efc] INIT
INFO [2014-09-12 18:06:06] [63efc] Piwik is installed at: https://www.mysite.com/piwik/index.php
INFO [2014-09-12 18:06:06] [63efc] Running Piwik 2.6.1 as Super User
ERROR [2014-09-12 18:06:07] [63efc] Got invalid response from API request: https://www.mysite.com/piwik/index.php?module=API&method=API.getDefaultMetricTranslations&format=original&serialize=1&trigger=archivephp. Response was 'Got invalid response from API request: https://www.mysite.com/piwik/index.php?module=API&method=API.getDefaultMetricTranslations&format=original&serialize=1&trigger=archivephp. Response was ‘curl_exec: error setting certificate verify locations: CAfile: C:\site\wwwroot\piwik/core/DataFiles/cacert.pem CApath: none. Hostname requested was: www.mysite.com’'
ERROR [2014-09-12 18:06:07] [63efc] The Piwik URL https://www.mysite.com/piwik/index.php does not seem to be pointing to a Piwik server. Response was ‘’.

I started with piwik on version 2.4 and this error has persisted. I have been updating to beta releases as well.
I do not have CLI access to my web server. I also cannot change the default php.ini file.


(Matthieu Aubry) #2

Maybe search for this error “error setting certificate verify locations: CAfile: C:\site\wwwroot\piwik/core/DataFiles/cacert.pem CApath: none. Hostname requested was” on the internet to find a solution maybe? If you do please post it back here :slight_smile:


#3

I have searched all forms of this with no luck… maybe you can point me to a solution?


(Matthieu Aubry) #4

Sorry im not sure, maybe see this search result? 301 Moved Permanently


#5

Any solution for this? I have the same error in version 2.8.1,
Response was 'curl_exec: SSL certificate problem: unable to get local issuer certificate. Hostname requested was:

We also use a public ssl certificate.


(Matthieu Aubry) #6

If you get the message maybe something is wrong with the certificate

to work around this message use --accept-invalid-ssl-certificate


#7

OK. This worked for me. Thanks. But I’m sure this is a valid certificate.


#8

To solve problem look at the second post at the SO


#9

Now that Piwik has been updated to use SSL only during upgrade, not only can you no longer use your local filesystem for the path of the “latest.zip” file, but if you’re on Windows, you must ensure that you have a current Root Certificate Authority (CA) certificate file in PEM format, and configure PHP’s CURL extension to see it.

This should eliminate the warning for:


curl_exec: SSL certificate problem: unable to get local issuer certificate. Hostname requested was: builds.piwik.org

Essentially the steps are:
[ol]
[li] Download the latest PEM file from the CURL website or Github.
[/li] See http://curl.haxx.se/docs/caextract.html for the two links.
[li] Configure CURL in your php.ini to read this file:
[/li]

curl.cainfo = "<path-to>/cacert.pem"

[li] Restart IIS (or recycle your app pool).
[/li][/ol]

Hope this helps everyone on Windows.


(Matthieu Aubry) #10

Hi there,
Btw we added the cert file in Piwik itself so this step should not be necesary going forward


#11

@doublehelix: Thanks, this works for me

@matt: Looks like it doenst work on IIS with the added cert :slight_smile:


(Tassoman) #12

Hello there, sorry for bringing up an old topic.

I’m trying to query APIs from an intranet Piwik SSL installation using a self signed pem certificate.

I’ve encoded our pem cert inside the certificate file but I stil can’t connect to, any hint?
I’ve issued this command: cat mycert.pem >> core/DataFiles/cacert.pem