I’m trying to install a Composer package in one of my Local sites:
composer require noweh/twitter-api-v2-php
But I get the following error message:
[Composer\Downloader\TransportException]
The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
What steps can be taken to replicate the issue? Feel free to include screenshots, videos, etc
Open Terminal inside of a Local project and run:
composer require noweh/twitter-api-v2-php
System Details
Local Version: Version 9.0.3+6684
Operating System (OS) and OS version: MacOS 14.0 (23A344)
Security Reminder
Local does a pretty good job of scrubbing private info from the logs and the errors it produces, however there’s always the possibility that something private can come through. Because these are public forums, always review the screenshots you are sharing to make sure there isn’t private info like passwords being displayed.
I found some resources for this that mentioned it could be a system clock issue and to ensure that your system clock is accurate. SSL certificates might fail verification if your system clock is significantly out of sync.
“Most common cause of this error is out of sync date/time, check what is your machine’s local time and use commands like ntp or chrony to sync your time. If you are having this problem in a docker container, the container would be using your host time. However, putting the computer in hibernate mode would make the time lock up. the only solution is to restart the whole computer.”
I found a lot of variants of this error on https://stackoverflow.com/ and https://github.com/ so if you’re still having trouble after checking that, then you might try doing some searching in their forums to see if anything else is fruitful.
I don’t see how they would get out of sync. My Mac sets time automatically. The only solution for this I saw if it is indeed the answer is to restart the computer.
I can’t reproduce this on Local 9.0.3 so far using Local’s composer (via “Site Shell”) or my system composer. (Example below with Local’s composer.)
So this might be system-specific as @Nick-B mentioned. Checking system time and confirming that there’s no VPN or corporate proxy in place that could affect certificate validation are good starting points. You could also try composer clear-cache.
composertest/app/public via 🐘 v8.1.29
> composer require noweh/twitter-api-v2-php
./composer.json has been created
Running composer update noweh/twitter-api-v2-php
Loading composer repositories with package information
Updating dependencies
Lock file operations: 10 installs, 0 updates, 0 removals
- Locking guzzlehttp/guzzle (7.9.2)
- Locking guzzlehttp/oauth-subscriber (0.6.0)
- Locking guzzlehttp/promises (2.0.3)
- Locking guzzlehttp/psr7 (2.7.0)
- Locking noweh/twitter-api-v2-php (3.5.0)
- Locking psr/http-client (1.0.3)
- Locking psr/http-factory (1.1.0)
- Locking psr/http-message (2.0)
- Locking ralouphie/getallheaders (3.0.3)
- Locking symfony/deprecation-contracts (v3.5.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 10 installs, 0 updates, 0 removals
- Installing guzzlehttp/promises (2.0.3): Extracting archive
- Installing ralouphie/getallheaders (3.0.3): Extracting archive
- Installing psr/http-message (2.0): Extracting archive
- Installing psr/http-factory (1.1.0): Extracting archive
- Installing guzzlehttp/psr7 (2.7.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
- Installing psr/http-client (1.0.3): Extracting archive
- Installing guzzlehttp/guzzle (7.9.2): Extracting archive
- Installing guzzlehttp/oauth-subscriber (0.6.0): Extracting archive
- Installing noweh/twitter-api-v2-php (3.5.0): Extracting archive
2 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
4 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found
Using version ^3.5 for noweh/twitter-api-v2-php
The only other thing that comes to my mind is that the PHP process uses the certificates bundled with WordPress to authenticate with remote servers over HTTPS:
I could maybe see there being issues if the site had a very old version of WordPress, or if there was an issue with the PHP binary finding the location of the ca-bundle.crt file.
@ben.turner yes, I did! Did happen to be related to the PHP version of my system. Composer was not referencing the version of PHP that the Local site instance was set up with, so I had to download PHP 8 on my system with the newly administered certs and then everything was able to update correctly.