I’m encountering intermittent SSL verification issues when using file_get_contents in PHP to access multiple HTTPS URLs.
When I try to individually test URLs that fail, such as https://getcomposer.org/versions,with:
<?php
$options = [
"ssl" => [
"cafile" => "C:\\xampp\\php\\cacert.pem",
"verify_peer" => true,
"verify_peer_name" => true,
]
];
$context = stream_context_create($options);
echo file_get_contents('https://getcomposer.org/versions', false, $context);
?>
I receive the following errors:
// Error output: PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000086:SSL routines::certificate verify failed in C:\Users\HP\test.php on line 10
Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000086:SSL routines::certificate verify failed in C:\Users\HP\test.php on line 10 PHP Warning: file_get_contents(): Failed to enable crypto in C:\Users\HP\test.php on line 10
Warning: file_get_contents(): Failed to enable crypto in C:\Users\HP\test.php on line 10 PHP Warning: file_get_contents(https://getcomposer.org/versions): Failed to open stream: operation failed in C:\Users\HP\test.php on line 10
Warning: file_get_contents(https://getcomposer.org/versions): Failed to open stream: operation failed in C:\Users\HP\test.php on line 10
```
So, for debugging purposes I created a script to check multiple domains:
<?php
$options = [
"ssl" => [
"cafile" => "C:\\xampp\\php\\cacert.pem",
"verify_peer" => true,
"verify_peer_name" => true,
]
];
$context = stream_context_create($options);
// List of domains to check
$domains = [
'https://google.com',
'https://youtube.com',
'https://example.com',
// 27 more domains
];
$working_domains = [];
$non_working_domains = [];
foreach ($domains as $domain) {
$response = @file_get_contents($domain, false, $context);
if ($response !== false) {
$working_domains[] = $domain;
} else {
$non_working_domains[] = $domain;
}
}
// Output results
echo "Working Domains:\n";
foreach ($working_domains as $working) {
echo $working . "\n";
}
echo "\nNon-Working Domains:\n";
foreach ($non_working_domains as $non_working) {
echo $non_working . "\n";
}
?>
The script outputs a list of working and non-working domains. Here are the results:
Working Domains:
https://google.com
https://youtube.com
https://www.facebook.com
https://twitter.com
https://www.amazon.com
https://www.microsoft.com
https://www.mozilla.org
https://www.wikipedia.org
https://www.quora.com
Non-Working Domains:
https://example.com
https://getcomposer.org
https://www.bbc.com
https://www.cnn.com
https://www.reuters.com
https://www.instagram.com
https://www.ebay.com
https://www.alibaba.com
https://www.harvard.edu
Stanford University
https://www.mit.edu
https://www.apple.com
https://www.github.com
https://www.netflix.com
https://www.spotify.com
https://www.dropbox.com
https://www.cloudflare.com
https://www.w3.org
https://www.random.org
https://example.org
https://www.linkedin.com
I am absolutely losing my mind. There does not seem to be any rhyme nor reason to which domains pass and fail. I suspect the issue might be related to SSL certificate verification, but I’m not sure how to diagnose it further. I’ve already ensured that the cacert.pem file is up-to-date and correctly referenced.
What could be causing some HTTPS URLs to fail while others work, and how can I resolve this issue?
You need to sign in to view this answers
Leave feedback about this