Facebook - Curl Error SSL_CACERT SSL certificate

Question

I am getting "Curl Error : SSL_CACERT SSL certificate problem: unable to get local issuer certificate" when asking Facebook to scrape my page over https. How can I fix this so that Facebook can scrape my page without errors?

The page is hosted via Apache 2.4 proxying to IIS 10. Apache handles all certificates and IIS is on the local network. My page is running asp code (so no php) and solutions similar to these: edit the php.ini file or adding curl.pem to php folder will not work fix my problem ... or so I think?!?

IIS has no certificate installed.

I do have extension=php_curl.dll enabled -- and extension_dir = 'C:\64bit\php-7.0.6-Win32-VC14-x64\ext' defined in my php.ini file. I followed these steps to install Curl on Windows. And phpinfo.php confirms that cURL is enabled (cURL Information 7.47.1).

My proxy setup in my Apache config file is:

<IfModule mod_proxy.c>
    ProxyRequests Off
    ProxyPass           / http://192.168.1.101:88/com_ssl/
    ProxyPassReverse    / http://192.168.1.101:88/com_ssl/
    RewriteRule ^(.+)$  https://www.domainname.com/$1 [P,L] 
</IfModule>

I have no RequestHeader defined in my Apache proxy config file, such as suggested here in Step 10:

RequestHeader set "X-RP-UNIQUE-ID"     "%{UNIQUE_ID}e"
RequestHeader set "X-RP-REMOTE-USER"     "%{REMOTE_USER}e"
RequestHeader set "X-RP-SSL-PROTOCOL"     "%{SSL_PROTOCOL}s"
RequestHeader set "X-RP-SSL-CIPHER"     "%{SSL_CIPHER}s"

Is this what is missing to fix the error?

Answer 1

"unable to get local issuer certificate" is almost always the error message you get when the server doesn't provide an intermediate certificate as it should in the TLS handshake, and as WizKid suggests, running the ssllabs test against the server will indeed tell you if that is the case.