I’ve been running into the following error while setting up my Kirby 4 license on the server:
is_file(): open_basedir restriction in effect. File(/etc/ssl/certs/cacert.pem) is not within the allowed path(s): (/var/www/vhosts/…/:/tmp/)
I’ve followed the steps of downloading the license file, renaming it to .license, and uploading it to the config folder (in site) as recommended. However, the problem persists. Any chance you’ve got some ideas on why this is happening and how I can fix it?
Hi Sonja! Thanks for your swift reply. I’ve tried solution #1 a couple of times and I’ve also changed the remote.ca option, so my config.php file looks like this at the moment:
Alas without success. I still get the same error: is_file(): open_basedir restriction in effect. File(/etc/ssl/certs/cacert.pem) is not within the allowed path(s).
Ok, according to the documentation that seems to be the default value, anyway. Maybe try to set it to Remote::CA_SYSTEM instead to see if this makes a difference.
I also tried to set the value to false temporarily, but unfortunately, I get the same error. Modifying the config file doesn’t appear to have any significant impact on addressing this issue.
When constructing a new instance of the Remote class, Kirby tries to determine if the CA bundle defined in php.ini actually exists (and it does this no matter what the Kirby config says).
See: kirby/src/Http/Remote.php at 4.1.0 · getkirby/kirby · GitHub
In your case, however, PHP doesn’t get access to that file (even though curl might actually be able to use it), therefore the call to check whether the file exists or not throws an error.
You might want to put a @ before that is_file( so that the error is suppressed, this way the Kirby internal CA is used. Then open an issue on GitHub so that the team gets a chance to properly handle this eventuality.
if (empty($cainfo) === false && @is_file($cainfo) === true) {
