I’m working with a HubSpot PHP wrapper library in my Laravel 5 application to retrieve deal information from the HubSpot API. Everything works perfectly when I test it on my local development environment.
However, after deploying to my production server (CentOS 7 running on AWS EC2 with Apache), I’m encountering an SSL certificate validation error. The specific error message I’m getting is:
cURL error 60: Peer’s Certificate issuer is not recognized
The request fails with a 500 status code. This seems to be related to SSL certificate verification on the server side.
Has anyone encountered this issue before? What would be the best approach to resolve this certificate validation problem while maintaining security?
centOS 7 on EC2 has this issue constantly. check /etc/ssl/certs/ first - it’s probably empty or old. i run yum install ca-certificates then restart apache. also verify your php.ini has the correct curl.cainfo path. fixed my hubspot API throwing the same error.
This SSL error happens because the server doesn’t recognize HubSpot’s certificate chain. I hit the same thing migrating a production app - Amazon Linux boxes often ship with incomplete certificate stores. Don’t bother downloading certificate bundles manually. Run curl --version first to see which CA bundle path it’s using, then check if that file exists and is up to date. On my CentOS box, I had to update system certificates AND configure Laravel’s HTTP client explicitly. In your HubSpot service config, make sure you’re setting the verify parameter right for the Guzzle client. Laravel defaults to system certificates, but if your server’s certificate store is incomplete, you’re screwed. After updating system certs with yum, restart Apache and any process managers you’ve got running.
Had this exact SSL issue for days with my Laravel app! Your production server doesn’t trust HubSpot’s certificate authority. Skip updating system certificates - just configure the HTTP client directly in Laravel instead. In config/services.php (or wherever you set up the HubSpot client), add the verify option pointing to a cacert.pem bundle. Grab the bundle from curl.haxx.se/ca/cacert.pem and drop it in your storage directory. Then set your HTTP requests to 'verify' => storage_path('cacert.pem'). This keeps everything portable and you won’t need root access. Test it with a quick API call to make sure the certificate chain validates.
I ran into this exact problem with a Laravel app hitting external APIs. Your production server’s CA certificate bundle is outdated or missing. Try yum update ca-certificates on CentOS first. If that doesn’t fix it, configure cURL to use a specific CA bundle by adding CURLOPT_CAINFO pointing to a cacert.pem file in your HTTP client config. You could also update OpenSSL and make sure the system certificate store is set up right. AWS EC2 instances often ship with bare-bones certificate bundles, so updating system certificates usually fixes it without breaking security.