Getting Curl error 60: expired cert all of a sudden when using PHP SDK and calling https://xxx.us.auth0.com/oauth/token

Hi, we are getting Curl error 60: expired cert all of a sudden when using PHP SDK and calling https://xxx.us.auth0.com/oauth/token.

This seems to have happened overnight and only on one of our tenants, the other tenant works fine.

As suggested in other, similar topics, I have tried updating the node version settings from 12 to 16 in hopes that might fix any CA issues; however, that did not work.

Looking for any other suggestions on what I can try. My server certs are valid.

Many thanks!


Seeing the same thing here. Been down all day. The cert was issued this morning. I have a ticket open with support.

Thanks, it’s great to know I’m not the only one!

Looks like we are the only two…

New comment for Case: https://support.auth0.com/tickets/01873741

Hi Mark,

Thanks for contacting Auth0 Support.

This issue is related to a recent change in the CA we use. The problem seems to be that your client’s certificate manager is not using a version that’s accepting the proper CA.

You need to remove the expired root certificate (DST Root CA X3) from the trust store used by your client to verify the identity of TLS servers. If the new ISRG Root X1 self-signed certificate isn’t already in the trust store, add it.

Also, if you are using OpenSSL you must use version 1.1.0 or later. In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail.

The removal and addition of certificates from/into the system certificate trust stores is a highly specific operation depending on the operating system.

Also, here you will find a list of the minimum platform versions that trust the ISRG Root X1 certificate: https://letsencrypt.org/docs/certificate-compatibility/

Thanks,

Ellen

Ellen Conley
Developer Support Engineer II, Americas

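The checks from the support reply above, as an added Python example (not code from the thread or from Auth0): it flags expired certificates in a CA bundle, a missing ISRG Root X1, and an OpenSSL version older than 1.1.0. The sample records are constructed in the shape `ssl.SSLContext.get_ca_certs()` returns, and the bundle path given to `load_bundle` is assumed to be the file your PHP/curl client actually reads.

```python
import re
import ssl
import time

NEW_ROOT = "ISRG Root X1"  # root the support reply says must be trusted

def rdn(cn):
    """Build a subject tuple in get_ca_certs() shape (used for sample data)."""
    return ((("commonName", cn),),)

# Constructed sample records, not read from any real trust store.
SAMPLE_CERTS = [
    {"subject": rdn("DST Root CA X3"), "notAfter": "Sep 30 14:01:15 2021 GMT"},
    {"subject": rdn("ISRG Root X1"), "notAfter": "Jun  4 11:04:38 2035 GMT"},
]

def common_name(cert):
    """Return the subject CN of a decoded certificate dict, or None."""
    for part in cert.get("subject", ()):
        for key, value in part:
            if key == "commonName":
                return value
    return None

def load_bundle(cafile):
    """Decode every certificate in a PEM bundle without making a connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)
    return ctx.get_ca_certs()

def openssl_is_pre_110(version_text):
    """Parse 'OpenSSL 1.0.2g ...' or 'OpenSSL/1.1.1f'; None if unrecognised."""
    m = re.search(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        return None
    return tuple(int(p) for p in m.groups()) < (1, 1, 0)

def audit(certs, version_text, now=None):
    """Return findings; an empty list means none of the reply's points apply."""
    now = time.time() if now is None else now
    findings = [f"expired certificate in trust store: {common_name(c)}"
                for c in certs if ssl.cert_time_to_seconds(c["notAfter"]) < now]
    if NEW_ROOT not in {common_name(c) for c in certs}:
        findings.append(f"{NEW_ROOT} is missing from the trust store")
    if openssl_is_pre_110(version_text):
        findings.append("OpenSSL is older than 1.1.0; the reply requires 1.1.0 or later")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CERTS, "OpenSSL 1.0.2g  1 Mar 2016"):
        print(line)
```

Pass `audit()` the output of `openssl version` from the affected host, or the `ssl_version` string PHP reports from `curl_version()`, since that is the library the failing client links against.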

Really strange: I have staging and development versions that are pretty much copies of my production environment, and they do not encounter the issue when calling the Auth0 endpoints.

Thanks for supplying their response, at least that gives a direction to look in.


I had the same issue! Turns out our PHP server was using an Ubuntu 16 where OpenSSL was 1.0.x; we updated to Ubuntu 18 LTS where OpenSSL is 1.1.x, and the error was resolved.