Fix Guzzle Curl Error 60 SSL unable to get local issuer

While working with Apple’s new API for push notifications and Laravel, I had to make requests to Apple’s servers via http2 a Ubuntu 20.04 server. I did check and curl did have support for http2 and it was working.

Still I get this error message:

"Guzzle Curl Error 60 SSL unable to get local issuer"

The easy fix is to turn off verify SSL-host like this:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

However, this does not take care of the root cause. The cerificate is not valid.

Turns out that Debian removed GeoTrust cert that Apple CA was signed with (kind of) so this solves the issues for me by installing it:

wget --no-check-certificate -c   \
    && mkdir /usr/local/share/ca-certificates/extra                                                                       \
    && mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt                            \
    && update-ca-certificates