Skip to content
Latchkey

Composer "curl error 60: SSL certificate problem" in CI

Composer downloads over HTTPS via curl. Error 60 means curl could not verify the server certificate against the runner's CA bundle, often behind a TLS-inspecting proxy or on an image with a stale ca-certificates. Fix the trust store rather than disabling verification.

What this error means

composer install fails with "curl error 60 while downloading https://...: SSL certificate problem: unable to get local issuer certificate".

Composer
  [Composer\Downloader\TransportException]
  curl error 60 while downloading https://repo.packagist.org/packages.json:
  SSL certificate problem: unable to get local issuer certificate

Common causes

A proxy presents an untrusted certificate

A corporate TLS-inspecting proxy serves a certificate signed by a CA not in the runner trust store.

A stale or missing CA bundle on the runner

A slim image with outdated ca-certificates cannot validate the certificate chain.

How to fix it

Update the CA store or point curl at the corporate CA

  1. Refresh ca-certificates on the runner.
  2. If a proxy injects its own CA, point Composer/curl at that bundle.
  3. Re-run so the chain validates.
Terminal
sudo apt-get update && sudo apt-get install -y ca-certificates
sudo update-ca-certificates

Reference the CA bundle for curl explicitly

Point the CA file at the corporate bundle rather than disabling TLS verification.

Terminal
export CURL_CA_BUNDLE=/etc/ssl/certs/corp-ca.pem
composer install --no-interaction

How to prevent it

  • Keep ca-certificates current on custom runner images.
  • Install the corporate CA into the trust store, not into ad hoc flags.
  • Avoid disabling TLS verification as a permanent fix.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →