
Matomo 4.7.1 core:archive ssl certificate problem


I have Matomo 4.7.1 installed on RHEL8 and am getting an error message when running the core archive.

/opt/matomo/matomo-4.7.1/plugins/GeoIp2/GeoIP2AutoUpdater.php(175): GeoIP2AutoUpdater: failed to download 'https://download.db-ip.com/free/dbip-city-lite-2022-03.mmdb.gz' to '/opt/matomo/matomo-4.7.1/tmp/latest/DBIP-City.mmdb.gz.download': curl_exec: SSL certificate problem: unable to get local issuer certificate. Hostname requested was: download.db-ip.com [Query: , CLI mode: 1]

Our company uses a self-signed cert and it is installed on this server, and Apache and PHP both work as expected. I can use command line curl to download the file given in the error message with no problems, but running the core archive always shows the error. I also added the option to accept invalid SSL certificates and that didn't help.

php /opt/matomo/matomo/console core:archive --url=https://myserver.com/matomo/ --accept-invalid-ssl-certificate

I also updated the php.ini file with the path to the pem file and that didn't work.

curl.cainfo = "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"

Is there anything else I am missing or can check?


Solution

  • Turns out there is a config item for Matomo where you can set it to use your custom pem file instead of the one included with Matomo.

    https://forum.matomo.org/t/certificate-issues-during-update/30238/8
    https://matomo.org/faq/troubleshooting/faq_34226/

    To solve this issue, you are able to provide your own cacert file that trusts your proxy's certificate. To use your own file, follow these steps:
    
    1. Upload your cacert.pem file in a folder on your server such as /path/to/your/cacert.pem
    2. Add custom_cacert_pem = "/path/to/your/cacert.pem" to the [General] section of your config file config/config.ini.php.
    3. Make sure the certificate is readable by your webserver.
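
A way to check the three steps above after editing the config, as an added example that is not part of the original answer or of Matomo: it confirms that `custom_cacert_pem` sits in `[General]` rather than another section, that the file is readable by the user running the script, and that it actually contains PEM certificates. The function names are hypothetical; running it as the web server user (`apache` on a stock RHEL 8 httpd install) is an assumption about your setup.

```shell
#!/bin/sh
# Added example: sanity-check Matomo's custom_cacert_pem setting.
# Function names are hypothetical, not part of Matomo.

# Print the custom_cacert_pem value found in the [General] section only.
matomo_cacert_path() {
    awk '
        # Track which INI section we are in.
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[General\]/); next }
        in_general && /^[ \t]*custom_cacert_pem[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")      # drop "key ="
            gsub(/^"|"[ \t]*$/, "")       # drop surrounding quotes
            print; exit
        }
    ' "$1"
}

# Return 0 if the bundle is usable by the current user, otherwise:
#   1 = setting missing from [General], 2 = file unreadable, 3 = no certs.
check_matomo_cacert() {
    config=$1
    pem=$(matomo_cacert_path "$config")
    if [ -z "$pem" ]; then
        echo "custom_cacert_pem is not set in [General] of $config"
        return 1
    fi
    if [ ! -r "$pem" ]; then
        echo "$pem is not readable by user $(id -un)"
        return 2
    fi
    # grep -c exits non-zero on zero matches, so neutralise its status.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
    if [ "$count" -eq 0 ]; then
        echo "$pem contains no PEM certificates"
        return 3
    fi
    echo "ok: $pem ($count certificate(s))"
}

# Run directly with the config path, ideally as the web server user, e.g.
#   sudo -u apache sh check_cacert.sh /path/to/matomo/config/config.ini.php
if [ "$#" -gt 0 ]; then
    check_matomo_cacert "$1"
fi
```

Once this passes, `curl --cacert /path/to/your/cacert.pem -sSI https://download.db-ip.com/` shows whether the bundle validates the chain the GeoIP2 updater sees. Because the custom file is used instead of the bundle shipped with Matomo, it has to contain every CA Matomo needs to trust, not only the company one.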