Composer "curl error 60: SSL certificate problem" in CI
Composer downloads over HTTPS via curl. Error 60 means curl could not verify the server certificate against the runner's CA bundle, often behind a TLS-inspecting proxy or on an image with a stale ca-certificates. Fix the trust store rather than disabling verification.
What this error means
composer install fails with "curl error 60 while downloading https://...: SSL certificate problem: unable to get local issuer certificate".
[Composer\Downloader\TransportException]
curl error 60 while downloading https://repo.packagist.org/packages.json:
SSL certificate problem: unable to get local issuer certificateCommon causes
A proxy presents an untrusted certificate
A corporate TLS-inspecting proxy serves a certificate signed by a CA not in the runner trust store.
A stale or missing CA bundle on the runner
A slim image with outdated ca-certificates cannot validate the certificate chain.
How to fix it
Update the CA store or point curl at the corporate CA
- Refresh
ca-certificateson the runner. - If a proxy injects its own CA, point Composer/curl at that bundle.
- Re-run so the chain validates.
sudo apt-get update && sudo apt-get install -y ca-certificates
sudo update-ca-certificatesReference the CA bundle for curl explicitly
Point the CA file at the corporate bundle rather than disabling TLS verification.
export CURL_CA_BUNDLE=/etc/ssl/certs/corp-ca.pem
composer install --no-interactionHow to prevent it
- Keep
ca-certificatescurrent on custom runner images. - Install the corporate CA into the trust store, not into ad hoc flags.
- Avoid disabling TLS verification as a permanent fix.