Sometimes we see the error SSL certificate problem: unable to get local issuer certificate. and this will cause the payment flow to be interrupted because a connection cannot be made. In this article we will explain why this happens and possible solutions.
Why does this happen?
Whenever there is a request made to a URL this happens mostly over HTTPS nowadays. To be able to make this request a success every party involved must be verified to be sure they can be trusted. A party is considered trusted if their certificate is in the certificate chain and valid. If any certificate in the chain is invalid, the complete chain is considered invalid and cannot be trusted.
When cURL makes this request to a URL and cannot find a needed certificate in the certificate chain it will throw the SSL certificate problem: unable to get local issuer certificate. error. RO Payments makes several such requests during a payment transaction but also on the dashboard page in the backend. This is so you can be alerted if something is wrong with your certificate chain.
How to check what is wrong?
First step to take is to see if your certificate chain is correct, you can do this for example at the site What's My Chain Cert?. To check your complete SSL configuration go to SSL Server Test by SSL Labs.
What is the solution?
As an end-user or us as developers there is not much that can be done because this concerns the server configuration. Your hosting provider needs to setup the certificates on your server. Contact your hosting provider and let them know the results of your tests to show something is not working.
If you are hosting with Siteground you can take the following steps to resolve this problem:
- Generate the suggested chain from https://whatsmychaincert.com, (Root Certificate included)
- Go to your Site Tools > Security > SSL Manager > Actions > View Certificate
- Copy your Private Key and your Certificate Authority Bundle
- Once you have them saved, go to Site Tools > Security > SSL Manager > Actions > Delete Certificate
- Now you can go to Site Tools > Security > SSL Manager > Import
- In the import menu - paste the certificate chain you have from https://whatsmychaincert.com in the Certificate field (by opening the downloaded file in a text editor). The other fields should be populated by your Private Key and your Certificate Authority Bundle you just saved in step 2.
Do note, if the issue is caused by the Let's Encrypt automatic renewal, you will have to redo these steps every 3 months.