Problem: Curl Error #77 on CentOS
Curl Error #77 often happens when using the curl command on CentOS systems. This error usually occurs because of issues with SSL certificate verification, which stops connections to HTTPS websites.
Diagnosing the Problem
Checking SSL Certificate Configurations
To diagnose Curl Error #77, start by checking the SSL certificate configurations. Check the CA certificate paths by looking for the ca-bundle.crt file in the /etc/pki/tls/certs/ directory. This file is important for SSL certificate validation.
Next, check the NSS (Network Security Services) settings. NSS is a set of libraries for cross-platform development of security-enabled client and server applications. Check if NSS is set to use the system-wide CA certificate database.
Look into system-wide SSL settings. Check for incorrect settings in the SSL-related files and directories, such as /etc/ssl/ and /etc/pki/.
Tip: Verify OpenSSL Version
Check your OpenSSL version using the command openssl version. Make sure it's up-to-date, as older versions may have compatibility issues with certain SSL certificates.
Analyzing User Permissions
Compare root and non-root user access to find any permission-related issues. As seen in the example, the root user can make HTTPS requests, while cPanel users get Error #77. This difference points to a possible problem with user permissions.
Check file and directory permissions for SSL-related files. Make sure that the needed files, such as ca-bundle.crt, have the correct read permissions for all users who need to make HTTPS requests. Check the permissions of directories like /etc/pki/tls/certs/ and /etc/ssl/ to make sure the required users can access them.
Solutions to Fix Curl Error #77
Reinstalling CA Certificates
To fix Curl Error #77, reinstall the CA certificates package:
- Open a terminal as a root user.
- Run:
yum reinstall ca-certificates
- Wait for the installation to complete.
Verify the ca-bundle.crt soft link:
- Go to /etc/pki/tls/certs/
- Check if ca-bundle.crt exists and is a valid soft link.
- If missing, create it:
ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/tls/certs/ca-bundle.crt
Update the certificate database:
update-ca-trust extract
This updates the system's certificate store with the latest CA certificates.
Tip: Verify CA Certificate Installation
After reinstalling CA certificates, verify the installation by running:
curl -v https://www.example.com
If successful, you should see "SSL certificate verify ok" in the output.
Configuring NSS for CentOS
Set up NSS to read the OpenSSL PEM CA bundle:
- Check if libnsspem.so is installed:
ls /usr/lib64/libnsspem.so
- If missing, install it:
yum install nss-pem
Address libnsspem.so module issues:
- Verify the file location:
/usr/lib64/libnsspem.so
- Check permissions:
ls -l /usr/lib64/libnsspem.so
- Set correct permissions if needed:
chmod 755 /usr/lib64/libnsspem.so
Update NSS database formats:
- Run:
certutil -d sql:/etc/pki/nssdb -L
- If you see errors, recreate the database:
certutil -d sql:/etc/pki/nssdb -N
Adjusting User-Specific SSL Settings
For cPanel users with Curl Error #77:
- Log in to cPanel
- Go to SSL/TLS Manager
- Click on "Manage SSL Hosts"
- Check if the correct SSL certificate is assigned to the domain
Set correct paths for SSL certificates:
- In cPanel, go to "SSL/TLS Status"
- Verify that the correct certificate paths are set for each domain
Check SSL-related file permissions:
- As root, run:
ls -l /etc/pki/tls/certs/ca-bundle.crt
- Make it readable by all users:
chmod 644 /etc/pki/tls/certs/ca-bundle.crt
- Check directory permissions:
ls -ld /etc/pki/tls/certs/
- Set correct permissions:
chmod 755 /etc/pki/tls/certs/
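The permission checks from "Analyzing User Permissions" and the steps above can be combined into one audit. This is an added example, not part of the original article; the function names check_ca_bundle and other_bits are hypothetical, and it assumes GNU stat and readlink -f as shipped on CentOS.

```shell
#!/bin/sh
# Added example (not from the original article): audit whether a CA bundle is
# reachable by unprivileged users. It inspects mode bits rather than the
# caller's own access, so running it as root still exposes the problem.
# Assumes GNU stat and readlink -f, as shipped on CentOS.

# Print the "other" permission digit (last octal digit) of a path.
other_bits() {
    m=$(stat -c '%a' "$1") || return 1
    echo "${m#"${m%?}"}"
}

# check_ca_bundle PATH [STOP_DIR]
# Returns 0 if every directory from PATH (and from its symlink target) up to
# STOP_DIR (default /) has o+x and the resolved file has o+r; 1 otherwise.
check_ca_bundle() {
    local bundle="$1" stop="${2:-/}" target dir bits rc=0
    if [ ! -e "$bundle" ]; then
        echo "MISSING: $bundle (absent, dangling symlink, or unreachable)"
        return 1
    fi
    target=$(readlink -f "$bundle")
    # Walk up from the directory holding the link and from the one holding the target.
    for dir in "$(readlink -f "$(dirname "$bundle")")" "$(dirname "$target")"; do
        while [ "$dir" != "$stop" ] && [ "$dir" != "/" ]; do
            bits=$(other_bits "$dir")
            if [ $(( bits & 1 )) -eq 0 ]; then
                echo "BLOCKED: $dir lacks o+x"; rc=1
            fi
            dir=$(dirname "$dir")
        done
    done
    bits=$(other_bits "$target")
    if [ $(( bits & 4 )) -eq 0 ]; then
        echo "UNREADABLE: $target lacks o+r"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $target readable by all users"; fi
    return "$rc"
}

# Usage on the article's path: check_ca_bundle /etc/pki/tls/certs/ca-bundle.crt
```

Each BLOCKED or UNREADABLE line names the exact path to correct with the chmod commands above, which avoids loosening permissions on paths that were already fine.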
These steps should help you resolve Curl Error #77 on your CentOS system.