How to Fix: Getting SSL certificate error on valid certificate when accessing via Curl
This issue affects users who access a service with curl from systems running different versions of Ubuntu, such as 14.04 and 18.04, even though they have a valid wildcard SSL certificate for `*.mysite.com`.
It can be frustrating because the error message may not clearly indicate the root cause of the problem, leading to additional troubleshooting efforts.
💡 Why You Are Getting This Error
- The primary reason for this issue is that the CA bundle used by curl on older systems (Ubuntu 14.04) does not include the certificate authority's (CA) root certificate, which is required to validate the SSL certificate of service.mysite.com. This can happen because the CA bundle received from the SSL provider may not contain all the root certificates that older systems need.
- An alternative reason could be that there are other issues with the SSL certificate or the system's configuration, such as a mismatch between the certificate's subject and the domain name being accessed.
🛠️ Step-by-Step Verified Fixes
Update CA bundle
- Step 1: Update curl to version 7.64.0-1ubuntu2.4 or later on all affected systems, which includes updated CA bundles.
- Step 2: Download the latest CA bundle for Ubuntu from the SSL provider's website and update the system's configuration to use this new bundle.
- Step 3: Verify that curl uses the updated CA bundle by running `curl --cacert /path/to/new/cabundle.crt https://service.mysite.com` against the service with the valid certificate.
Configure custom CA file
- Step 1: Create a custom CA file on each system that includes all the necessary root certificates for the SSL provider's CA bundle.
- Step 2: Specify this custom CA file when running curl using the `--cacert` option, like so: `curl -vv --cacert /path/to/custom-ca-file.crt https://service.mysite.com`.
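To tell the two causes listed earlier apart, and to check a custom CA file before pointing curl at it, the following added example (not part of the original page) verifies a certificate against the given bundle only and then checks the host name. It assumes OpenSSL 1.1.0 or later; `make_demo_pki` and `diagnose_cert` are hypothetical helper names, and every certificate is constructed test data.

```shell
#!/bin/sh
# Added example: constructed certificates only; nothing here contacts a real host.

# make_demo_pki DIR: build two constructed root CAs ("root" and an unrelated
# "other") plus a wildcard leaf for *.mysite.com signed by "root".
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' 'prompt=no' \
        '[dn]' 'CN=placeholder' '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    printf 'subjectAltName=DNS:*.mysite.com\n' > "$d/leaf.ext"
    for name in root other; do
        openssl req -x509 -config "$d/ca.cnf" -subj "/CN=Constructed $name CA" \
            -newkey rsa:2048 -nodes -days 2 \
            -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
    done
    openssl req -new -config "$d/ca.cnf" -subj '/CN=*.mysite.com' \
        -newkey rsa:2048 -nodes \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# diagnose_cert CAFILE CERT HOST: report which cause applies.
# -no-CApath keeps the system trust directory out of the check, so the
# result reflects the contents of CAFILE alone.
diagnose_cert() {
    if ! openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "untrusted-issuer"     # cause 1: bundle lacks the issuing CA
    elif ! openssl verify -no-CApath -CAfile "$1" -verify_hostname "$3" "$2" \
            >/dev/null 2>&1; then
        echo "hostname-mismatch"    # cause 2: certificate does not cover HOST
    else
        echo "ok"
    fi
}
```

With the constructed chain, `diagnose_cert root.pem leaf.pem service.mysite.com` reports `ok`, the same call with `other.pem` reports `untrusted-issuer`, and host `mysite.com` reports `hostname-mismatch` because a `*.mysite.com` wildcard does not cover the bare domain.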
💡 Conclusion
To resolve this issue, update curl to version 7.64.0-1ubuntu2.4 or later and use the latest CA bundle available from the SSL provider's website. Alternatively, configure a custom CA file on each system that includes all necessary root certificates for the SSL provider's CA bundle.