Curl_exec: SSL: invalid CA certificate #1 (offset 0) in bundle

I am seeing the following error several times on the Admin page:

curl_exec: SSL: invalid CA certificate #1 (offset 0) in bundle. Hostname requested was: plugins.piwik.org

I understand this is an SSL error but with the plugins domain?

I am also getting this error when I attempt to upgrade. The upgrade reports “failed” but proceeds anyway (and seems to work fine).

Any ideas?

I got the same error

I’m on MacOsx 10.12.2

Anyone can help me?

I get the same problem, also running Mac OS X 10.11

Same under 10.11.6 Server.

FWIW, running “curl https://plugins.piwik.org/” on the command line works without error, so perhaps this has something to do with the PHP curl_exec function.

@sbnoble, same here…

  • Marketplace = curl_exec: SSL: invalid CA certificate #1 (offset 0) in bundle. Hostname requested was: plugins.piwik.org
  • Plugin install = curl_exec: SSL: invalid CA certificate #1 (offset 0) in bundle. Hostname requested was: plugins.piwik.org
  • main screen administration = curl_exec: SSL: invalid CA certificate #1 (offset 0) in bundle. Hostname requested was: plugins.piwik.org

Checked with: SSL Server Test (Powered by Qualys SSL Labs) and got an A. chain and all are ok. So maybe it’s not us but Piwik.

Checked curl -v https://plugins.piwik.org and curl -v https://mydomain Both are ok. So I starting to think that curl in my php is not right or broken… will try a php upgrade

Piwik version: 3.0.1
MySQL version: 5.5.5
PHP version: 5.6.24 (tried newer version 5.6.30 and php7)

Yes!!! Found the solution.

$ php -i | grep “SSL Version”

I suspect you’ll see this:

SSL Version => SecureTransport

And that’s the problem. OS X is using SecureTransport and NOT OpenSSL.
Simple solution: php - Curl POST to HTTPS url gives SSLRead() error - Stack Overflow

So or you have to follow those steps (not complicated If you do a bit more with your osx) or Piwik has to add SecureTransport.

Many thanks gfive for this solution.
I don’t know if this is also the problem that affects https tracking. My Piwik is able to track only http pages. Can you give me feedback on this?
Thanks

I’m also on Mac OS X, 10.11

I saw the same updating from 2 to 3, but dismissed it as a quirk of a major upgrade.

I’m seeing it again now trying to update from 3.0.3 to 3.0.4. I’m also on Mac OS X 10.11.6 using Server.app and their built-in PHP, cURL, etc.

curl -v https://builds.piwik.org

reports no cert problems.

Both: php -i | grep “SSL Version” and curl -V report using SecureTransport.

Is this a piwik bug or OS bug or…?

Thanks.

I’ve just found there is bug report open for this issue: