License SSL Issue

I’ve been running into the following error while setting up my Kirby 4 license on the server:

is_file(): open_basedir restriction in effect. File(/etc/ssl/certs/cacert.pem) is not within the allowed path(s): (/var/www/vhosts/…/:/tmp/)

I’ve followed the steps of downloading the license file, renaming it to .license, and uploading it to the config folder (in site) as recommended. However, the problem persists. Any chance you’ve got some ideas on why this is happening and how I can fix it?

Thanks a lot for any help!

Did you check out the recommendations here: Can't activate Kirby License - #2 by lukasbestle?

Hi Sonja! Thanks for your swift reply. I’ve tried solution #1 a couple of times and I’ve also changed the remote.ca option, so my config.php file looks like this at the moment:

<?php
return [
    'debug' => false,
    'remote' => [
        'ca' => Remote::CA_INTERNAL
    ]
];

Alas without success. I still get the same error: is_file(): open_basedir restriction in effect. File(/etc/ssl/certs/cacert.pem) is not within the allowed path(s).

Ok, according to the documentation that seems to be the default value, anyway. Maybe try to set it to Remote::CA_SYSTEM instead to see if this makes a difference.

Also, do you have access to the php.ini file?

Oddly enough, neither Remote::CA_INTERNAL nor Remote::CA_SYSTEM appears to have any impact. Regrettably, I don’t have access to the php.ini file :frowning:

I also tried to set the value to false temporarily, but unfortunately, I get the same error. Modifying the config file doesn’t appear to have any significant impact on addressing this issue.

Maybe it would be best to get in touch with your provider.

I will, thanks! Will keep you updated in case we find a solution.

When constructing a new instance of the Remote class, Kirby tries to determine if the CA bundle defined in php.ini actually exists (and it does this no matter what the Kirby config says).
See: kirby/src/Http/Remote.php at 4.1.0 · getkirby/kirby · GitHub

In your case, however, PHP doesn’t get access to that file (even though curl might actually be able to use it), therefore the call to check whether the file exists or not throws an error.

You might want to put a @ before that is_file( so that the error is suppressed, this way the Kirby internal CA is used. Then open an issue on GitHub so that the team gets a chance to properly handle this eventuality.

		if (empty($cainfo) === false && @is_file($cainfo) === true) {

Holy moly, thank you so much. This worked like a charm! I’ll open an issue on GitHub as you said. Thanks again :pray:

1 Like