The Composer installer script was not successful [exit code 1].

[courtens]

I have a multiple domain/certificate setup. How would Composer know what certificate / domain to check for?

When trying the install manually I get this: Installer corrupt

C:\64bit\composer>php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

C:\64bit\composer>php -r "if (hash_file('sha384', 'composer-setup.php') === 'a5c698ffe4b8e849a443b120cd5ba38043260d5c4023dbf93e1558871f1f07f58274fc6f4c93bcfd858c6bd0775cd8d1') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
Installer corrupt

Setup Log 2019-09-16 #001.txt

[johnstevenson]

There is probably an error in your php ini, as the following does not look like a correct file path to the cert bundle file (cafile):

Certificate location [from openssl.cafile ini setting]: C:\64bit\Apache24\conf\ssl.crt\filmfix_net_2017.crt

Likewise, the path to the capath directory is given as a file name:

capath=C:\64bit\Apache24\conf\ssl.crt

Installing manually will not help because Composer-Setup.exe simply runs the installation script that you would download for a manual setup. Even if you downloaded and installed the composer.phar (ie bypassing the installation script), Composer itself would still use the settings from you php.ini

[courtens]

C:\64bit\Apache24\conf\ssl.crt is actually a directory ssl,crt being a somewhat unusual directory name.
I added a backslash to capath, like this: capath=C:\64bit\Apache24\conf\ssl.crt\ and ran the install again. Now I am getting

error:1416F086:SSL routines:tls_porcess_server_certificate:certificate verify failed

[johnstevenson]

There is something wrong with your certificate bundle (ie the full certificate chain).

[courtens]

This is strange. I have an A+ testing my certificates, like for https://www.filmfix.net
I am thinking probably it has to do how I have PHP setup. I am running php-7.3.8-nts-Win32-VC15-x64 for IIS and php-7.3.8-Win32-VC15-x64 for Apache (and the "systems".)

I am not using Windows internal tools to control certificates, but use Apache.

I just noticed that I was missing a value for SSLCertificateChainFile in my Apache config file, and have added it. But that broke the chain, so I removed that line again.

Is the problem that I need an certificate for my IP address? If so, would a Self-Signed SSL Certificate work?

[johnstevenson]

Php is looking for the bundle of CA root certificates like the Mozilla bundle: https://curl.haxx.se/ca/cacert.pem

Both Composer and the installer include this so that everything works out of the box, but they will only use it if there are not specific php.ini entries. I'm no expert at setting up mod_ssl on Apache, but you probably don't need those php.ini entries and can just use the Apache config. Here is what the introduction to the about cacert.pem file states:

## It contains the certificates in PEM format and therefore
## can be directly used with curl / libcurl / php_curl, or with
## an Apache+mod_ssl webserver for SSL client authentication.
## Just configure this file as the SSLCACertificateFile.

[courtens]

Thank you so much ... I finally got to this point, but these instruction are very confusing.

Closing everything and rebooting is what I ended up doing.

[johnstevenson]

It all depends on what you have running on your PC at the time. If you already have a terminal process open (cmd.exe, Git Bash, Msys2, Cygwin etc, or any of these in programs like ConEmu, Commander etc) then running a composer command will invoke 2 environment lookups: one for the composer location, one for the php location. Because the terminal process inherits the environment of its parent process on invocation, it will not necessarily know these locations.

It is impossible to know if whatever the user is running (if anything) has received and responded to the environment changed Windows message that the installer has broadcast. So any one of the solutions offered may work.

In your case you had to restart, which is the nuclear option and should not normally be necessary.

I'm open to suggestions if you can improve the wording.

[courtens]

I over read the part of "one of the following"
I suggest adding OR after option 1 and 2

[johnstevenson]

Improved Information page: