Matomo 4.7.1 core:archive ssl 证书问题

Matomo 4.7.1 core:archive ssl certificate problem

我在 RHEL8 上安装了 Matomo 4.7.1,当 运行 核心存档时我收到一条错误消息。

/opt/matomo/matomo-4.7.1/plugins/GeoIp2/GeoIP2AutoUpdater.php(175): GeoIP2AutoUpdater: failed to download 'https://download.db-ip.com/free/dbip-city-lite-2022-03.mmdb.gz' to '/opt/matomo/matomo-4.7.1/tmp/latest/DBIP-City.mmdb.gz.download': curl_exec: SSL certificate problem: unable to get local issuer certificate. Hostname requested was: download.db-ip.com [Query: , CLI mode: 1]

我们公司使用自签名证书,它安装在此服务器上,Apache 和 PHP 都按预期工作。我可以使用命令行 curl 毫无问题地下载错误消息中给出的文件,但 运行 核心存档始终显示错误。我还添加了接受无效 ssl 证书的选项,但这没有帮助。

php /opt/matomo/matomo/console core:archive --url=https://myserver.com/matomo/ --accept-invalid-ssl-certificate

我还用 pem 文件的路径更新了 php.ini 文件,但没有用。

curl.cainfo = "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"

还有什么我遗漏或可以检查的吗?

原来有 Matomo 的配置项,您可以在其中将其设置为使用自定义 pem 文件,而不是 Matomo 附带的文件。

https://forum.matomo.org/t/certificate-issues-during-update/30238/8https://matomo.org/faq/troubleshooting/faq_34226/

To solve this issue, you are able to provide your own cacert file that trusts your proxies certificate. To use your own file, follow these steps:

1. Upload your cacert.pem file in a folder on your server such as /path/to/your/cacert.pem
2. Add custom_cacert_pem = "/path/to/your/cacert.pem" to the [General] section of your config file config/config.ini.php.
3. Make sure the certification is readable by your webserver.