前段时间把服务器的 OpenSSL 升级了到 1.1.1c 版本,今天安装 Composer 的时候报错了!

报错的指令为:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

PHP 的错误日志记录如下:

PHP Warning:  copy(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in Command line code on line 1
PHP Warning:  copy(): Failed to enable crypto in Command line code on line 1
PHP Warning:  copy(https://getcomposer.org/installer): failed to open stream: operation failed in Command line code on line 1

经检查,报错是因为无法验证 CA 证书。

解决办法:

1、先检查 /etc 目录里有没有这样的文件:/etc/ssl/certs/ca-bundle.crt 或 /etc/pki/tls/certs/ca-bundle.crt。如果有的话,把这个路径配置到 php.ini 里:

openssl.cafile=/etc/ssl/certs/ca-bundle.crt

2、如果以上路径的文件不存在,则需要手动下载 CA 证书文件:

#新建目录用于存放 CA 证书
mkdir -p /usr/local/openssl/ssl/certs

#下载 CA 证书
curl -o /usr/local/openssl/ssl/certs/cacert.pem https://curl.haxx.se/ca/cacert.pem

然后在 php.ini 里配置:

openssl.cafile=/usr/local/openssl/ssl/certs/cacert.pem

3、记得重启 php-fpm。