The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

curl can't find ca-bundle on centos7

Discussion in 'CloudLinux' started by uadm, Aug 6, 2015.

  1. uadm

    uadm Well-Known Member

    Joined:
    May 19, 2003
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    The problem is this:

    We run a page that sends curl request to a remote https server. This failed since we moved the account to a new centos7 server.

    It seems on centos7 /etc/pki/tls/certs/ca-bundle.crt is linked to /etc/pki/ca-trust/extracted/openssl/ca-bundle.crt which is not available to cagefs users.

    We tried to add /etc/pki to /etc/cagefs/cagefs.mp and run cagefsctl --remount-all
    but this doesn't help while /etc/pki/ca-trust is still not available to cagefs users.

    We also tried to delete the /etc/pki/tls/certs/ca-bundle.crt link and put there a real file, however to cagefs users it's still being shown as a link.

    finnaly we solved it with moving the bundle to the account directory and setting curl.cainfo="ca-bundle.crt" in it's php.ini.


    However we want to solve this server wide.

    Please advise.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,734
    Likes Received:
    661
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. uadm

    uadm Well-Known Member

    Joined:
    May 19, 2003
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    This account has noshell.
    It's not the shell it has or hasn't, when we disable cagefs for the account it can access the ca-bundle.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,734
    Likes Received:
    661
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    A resolution for this is scheduled for the next update from Cloud Linux. In the meantime, try running the following commands to address the issue:

    Code:
    cagefsctl --addrpm ca-certificates
    cagefsctl --force-update
    Thank you.
     
Loading...

Share This Page