Local Lightning doesn’t add a .pem file for a certificate authority to allow curl to work securely. The issue can be fixed by manually adding
[curl]
curl.cainfo="path\to\file\cacert.pem"
to each site’s php.ini but this isn’t ideal especially for novice users
@gmcdonald, would you be able to provide a little more context on your operating environment (OS, version of Local)?
I was able to run a curl header check on a test site in Local (version 5.0.7) and didn’t have any SSL trouble, using only the Trust options in Local:
curl -IL https://test.local/
HTTP/2 200
server: nginx/1.16.0
date: Tue, 03 Dec 2019 20:09:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
vary: Accept-Encoding
x-powered-by: PHP/7.3.5
link: <https://test.local/index.php?rest_route=/>; rel="https://api.w.org/"
For those getting “SSL certificate problem: unable to get local issuer certificate” (for instance, when using the AWS SDK to connect to S3), this is the answer.
The PHP ini file for each site (Windows OS) will be [site]\conf\php\php.ini.hbs.
The latest cacert.pem file can be downloaeded from here: https://curl.haxx.se/docs/caextract.html
Save the file somewhere sensible (all your sites can use the same file).