Since last update I am having problems with WHMCS connecting via API to resellerclub.
When trying to sync domains I get this error: CURL Error: 77 - Problem with the SSL CA cert (path? access rights?)
I have not changed anything, this problem started after installing the updated packages in virtualmin.
I have checked the server ssl certs and they seem to be ok (/etc/pki/tls/certs)
It seems something changed in the last update and is causing this problem.
Hmm, I’m not sure of anything that would have been changed during the Virtualmin package updates to prevent curl from working properly.
But what you may want to do is run this command:
And then look at all the paths mentioned in there (such as the one mentioned alongside --with-ca-bundle), and then verify that your user has permission to access those paths.
You’d want to check not just the final destination, but each directory leading up to do (for example, not just “/etc/pki/tls/certs”, but also “/etc/pki” and “/etc/pki/tls”. Those files and directories would need to be world readable and world executable.
The permissions are set to root:root (rwxrwxrwx) for all files and folders under /pky
Meanwhile I ran this command: curl -I -v https://google.com
the output is:
/etc/pki$ curl -I -v https://google.com
- About to connect() to google.com port 443 (#0)
- Trying 220.127.116.11… connected
- Connected to google.com (18.104.22.168) port 443 (#0)
- Initializing NSS with certpath: sql:/etc/pki/nssdb
- Unable to initialize NSS database
- Initializing NSS with certpath: none
- Unable to initialize NSS
- NSS error -8023
- Closing connection #0
- Problem with the SSL CA cert (path? access rights?)
curl: (77) Problem with the SSL CA cert (path? access rights?)
t know if this adds any value to solving the problem. I have also restarted the server but it didnt work.
I now remember the last time I updated packages in virtualmin there was an error so now I did “yum update” and I got this:
[root@server ~]# yum update
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: PYCURL ERROR 77 - “Problem with the SSL CA cert (path? access rights?)”
- base: centos.hyve.com
- epel: mirrors.coreix.net
- extras: centos.serverspace.co.uk
- updates: centos.serverspace.co.uk
–> Running transaction check
—> Package nss-softokn-freebl.i686 0:3.14.3-18.el6_6 will be updated
—> Package nss-softokn-freebl.x86_64 0:3.14.3-18.el6_6 will be updated
—> Package nss-softokn-freebl.i686 0:3.14.3-19.el6_6 will be an update
—> Package nss-softokn-freebl.x86_64 0:3.14.3-19.el6_6 will be an update
—> Package wbt-virtual-server-theme.noarch 2:9.0-1 will be updated
—> Package wbt-virtual-server-theme.noarch 2:9.0-2 will be an update
–> Finished Dependency Resolution
Package Arch Version Repository Size
nss-softokn-freebl i686 3.14.3-19.el6_6 updates 156 k
nss-softokn-freebl x86_64 3.14.3-19.el6_6 updates 166 k
wbt-virtual-server-theme noarch 2:9.0-2 virtualmin-universal 2.3 M
Upgrade 3 Package(s)
Total size: 2.6 M
Is this ok [y/N]: y
error: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 11f63c51: BAD
Problem opening package wbt-virtual-server-theme-9.0-2.noarch.rpm
Are you using CentOS 6?
There’s apparently a bug in some of the CentOS package that can cause the RPM database to become corrupt. Some of the errors you’re seeing seem similar to the issues in here:
I’d suggest taking a peek at that thread, that may resolve some of the issues.
You may still need to review the permissions on the files and paths leading up to the SSL certs though.
Kicked off a stackoverflow thread about it here
Does not seem to be getting productive solutions anywhere yet.
Please let me know if you get anywhere, I will do likewise.
@jancas this will solve the problem for you, it just fixed my VPS https://www.virtualmin.com/node/35857#comment-142843
Yes I also found the solution there, thanks