Version 2.x has problems with new Let's Encrypt cert due to expire or root cert

[gemal]

This is a (multiple allowed):

• bug

• enhancement

• feature-discussion (RFC)

• CakePHP Version: 2.10.24

• Platform and Target: cli

What you did

due to the old cert expiring:
https://scotthelme.co.uk/lets-encrypt-old-root-expiration/

use HttpSocket

try to get https://dmarcian.com

ERROR: Exception getting https://dmarcian.com/: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
stream_socket_client(): Failed to enable crypto
stream_socket_client(): unable to connect to ssl://dmarcian.com:443 (Unknown error)

What happened

EXPLAIN WHAT IS ACTUALLY HAPPENING, HERE.

What you expected to happen

can be fixed by downloading latest cacert.pem file from here:
https://curl.se/docs/caextract.html
and replacing
lib\Cake\Config\cacert.pem

[domstubbs]

I’m seeing this issue too. Updating the root certs does fix the problem – thanks.

Edit: For anyone that wants a clean fix, download the latest cacert.pem linked above and add it to your app/Config directory. Then update any HttpSocket calls as follows:

$HttpSocket = new HttpSocket([
  'ssl_cafile' => CONFIG . 'cacert.pem'
]);

[ADmad]

Cake 2.x has reached EOL and won't be receiving any updates.

Users need to update or specify the path to an up to date certificate file themselves.