View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010924 | Rocky-Linux-8 | ca-certificates | public | 2025-11-07 21:13 | 2025-11-07 21:13 |
| Reporter | Steve Sipes | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Summary | 0010924: curl: (60) SSL certificate problem: unable to get local issuer certificate | ||||
| Description | dnf upgrade from ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch to ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.noarch causes curl to fail with 'curl: (60) SSL certificate problem: unable to get local issuer certificate', only in a niche case where DNS is being proxied by Cloudflare and only if certain certificates are being returned. Server A (fails curl request) - proxied by Cloudflare, which Cloudflare is returning these set of SSL certificates Cloudflare TLS Issuing ECC CA 1 SSL.com TLS Transit ECC CA R2 SSL.com TLS ECC Root CA 2022 Server B (successful) - proxied by Cloudflare, which Cloudflare is returning these set of SSL certificates WE1 GTS Root R4 // replaced actual hostname with servera ]$ curl -vvI https://www.servera.com * Rebuilt URL to: https://www.servera.com/ * Trying 104.26.14.70... * TCP_NODELAY set * Connected to www.servera.com (104.26.14.70) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, [no content] (0): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-11-07 21:13 | Steve Sipes | New Issue |
