Get help on Discord

PHP client stopped working due to SSL certificate error

8 replies
Last updated: Oct 1, 2021
Hi Guys, it seems that the somehow the PHP client has stopped working, from about an hour ago I always get this error on the certificate:
PHP Fatal error:  Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: certificate has expired (see <https://curl.haxx.se/libcurl/c/libcurl-errors.html>) in /Users/nuovadot/Documents/siti_locali/ciclicorsa_site/wp-content/themes/ciclicorsa-3/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:201

Stack trace:

#0 /Users/nuovadot/Documents/siti_locali/ciclicorsa_site/wp-content/themes/ciclicorsa-3/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(155): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array)

#1 /Users/nuovadot/Documents/siti_locali/ciclicorsa_site/wp-content/themes/ciclicorsa-3/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(105): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handler\CurlHandler), Object(GuzzleHttp\Handler\EasyHandle), Object(GuzzleHttp\Handler\CurlFactory))

#2 /Users/nuovadot/Documents/siti_locali/ciclicorsa_site/wp-content/themes/ciclicorsa-3/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43):  in /Users/nuovadot/Documents/siti_locali/ciclicorsa_site/wp-content/themes/ciclicorsa-3/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 201

As you can see I’m using the PHP Client inside a wordpress theme, I get this error in any kind of environment: production or local.
AI Update

This was a specific incident that occurred on September 30, 2021, and it has already been resolved by Sanity's team. Based on the community thread, here's what happened and how it was fixed:

What happened: This was a server-side SSL certificate issue on Sanity's infrastructure, not a problem with the PHP client itself or your local setup. The error appeared suddenly across all environments (production and local) because it originated from Sanity's servers.

How it was resolved: The Sanity team identified the issue as being related to their SSL certificate chain and deployed a workaround on their end. According to the thread timeline:

  • Issue reported: September 30, 2021 at 3:05 PM
  • Sanity confirmed they were investigating: 3:26 PM
  • ETA for fix announced: 4:30 PM (30 minutes out)
  • Fix deployed: 7:50 PM
  • Confirmed working: October 1, 2021 at 6:58 AM

If you're experiencing this issue now: Since this was resolved in 2021, if you're seeing similar SSL certificate errors today, it's likely a different cause. Here are some troubleshooting steps:

  1. Update your CA certificates - Your system's certificate bundle may be outdated:

    • On Mac: brew update && brew upgrade openssl
    • On Ubuntu/Debian: sudo apt-get update && sudo apt-get install --only-upgrade ca-certificates
    • Update your php.ini to point to the latest cacert.pem from curl.se/ca/cacert.pem

  2. Check Sanity's status - Visit Sanity's status page to see if there are any current incidents

  3. Verify your PHP/OpenSSL versions - Outdated versions may have certificate validation issues. Run php -i | grep "OpenSSL" to check

Note: The temporary workaround of setting 'verify' => false in the Guzzle client (mentioned in the thread) should never be used in production as it disables SSL verification entirely and makes your application vulnerable to security attacks. Only use it for temporary local debugging if absolutely necessary.

by cURL docs the errror is:
CURLE_PEER_FAILED_VERIFICATION (60)The remote server’s SSL certificate or SSH md5 fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.
Thanks for reporting, Federico! We're looking into it to see if this is a cert issue on our end.
by cURL docs the errror is:
CURLE_PEER_FAILED_VERIFICATION (60)The remote server’s SSL certificate or SSH md5 fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.
By forcing the verify flag to false on the httpClient init it works:
$this->httpClient = new HttpClient([

'base_uri' => $this->clientConfig['url'],

'timeout' => $this->clientConfig['timeout'],

'handler' => $this->clientConfig['handler'],

'verify' => false

]);
If our theory is correct, and it’s the client-side CA bundle that is too old, you may want to try upgrading CA-certificates. You could also wait while we implement something on our side that should go around this issue, although you may still run into similar errors elsewhere in that case.
ETA for our workaround is 30 mins right now
Hi Federico. An update to say everything was rolled out on our end. Please let us know if you're still experiencing any issues.
Thanks! everything runs smoothly now.

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?