公司有台老服务器,搭的php的环境,有个负载均横的服务 调用 curl_init 的时候报了 Problem with the SSL CA cert (path? access rights?) 网上各种脑补
yum install ca-certificates
yum reinstall ca-certificates
当我用 rpm -V ca-certificates 这个命令时的确没有输出
[root@app1 certs]# rpm -V ca-certificates
[root@app1 certs]# ls
Makefile ca-bundle.crt ca-bundle.trust.crt cacert.pem make-dummy-cert renew-dummy-cert
[root@app1 certs]# mv ca-bundle.crt.bak
mv: missing destination file operand after `ca-bundle.crt.bak'
Try `mv --help' for more information.
[root@app1 certs]# mv ca-bundle.crt ca-bundle.
ca-bundle.crt ca-bundle.trust.crt
[root@app1 certs]# mv ca-bundle.crt ca-bundle.crt.bak
[root@app1 certs]# ls
Makefile ca-bundle.crt.bak ca-bundle.trust.crt cacert.pem make-dummy-cert renew-dummy-cert
[root@app1 certs]# mv cacert.pem ca-bundle.crt
[root@app1 certs]# rpm -V ca-certificates
S.....T. c /etc/pki/tls/certs/ca-bundle.crt
一阵命令如虎的操作,显示出来了
最后重启了一下 php-fpm
[root@app1 certs]# service php-fpm restart
Restarting php-fpm daemon: php-fpm[-Feb- ::] ERROR: unable to bind listening socket for address '10.47.97.153:9000': Address already in use ()
[-Feb- ::] ERROR: FPM initialization failed
already running.
发现报错了子,心都是慌的,这个大概是把 php-fpm 进程给干掉,然后 nginx 自动会启新的 php-fpm ,刷一变报502,刷2变就正常了
到此问题解决了,突然还是发现 docker 好,至少镜像出了问题,可以在镜像里面解决.
分别参考:
https://*.com/questions/15135834/php-curl-curlopt-ssl-verifypeer-ignored#comment78570660_15237205
https://www.centos.org/forums/viewtopic.php?t=3711