cURL error 60: SSL certificate problem in WordPress

Posted on By Admin No Comments on cURL error 60: SSL certificate problem in WordPress

cURL error 60: SSL certificate problem in WordPress

If you encounter cURL error 60 in WordPress, it means your site is having trouble verifying the SSL certificate of a remote server. This error commonly appears when WordPress tries to communicate with external APIs or update services over HTTPS. The quick fix involves updating the CA certificates on your server or configuring WordPress to bypass strict SSL verification.

Quick Fix

  1. Download the latest cacert.pem file from the official cURL website.
  2. Upload the cacert.pem file to your server, preferably in a secure directory.
  3. Edit your php.ini file to point to the new CA bundle by adding or updating curl.cainfo and openssl.cafile directives.
  4. Restart your web server or PHP-FPM service to apply changes.
  5. Test your WordPress site again to confirm the error is resolved.

Why this happens

The cURL error 60 occurs because cURL, the library WordPress uses for HTTP requests, cannot verify the SSL certificate of the remote server. This usually happens when the CA (Certificate Authority) bundle on your server is outdated or missing. Without a valid CA bundle, cURL cannot confirm the authenticity of the SSL certificate, leading to the error.

Common scenarios include:

  • Outdated or missing CA certificates on your server.
  • Custom PHP installations without proper SSL configuration.
  • WordPress running on local or development environments with self-signed certificates.
  • Firewall or proxy servers interfering with SSL verification.

Step-by-step

1. Download the latest CA certificate bundle

Get the latest cacert.pem file from the official cURL website:

wget https://curl.se/ca/cacert.pem -O /path/to/your/cacert.pem

2. Upload the CA bundle to your server

Place the cacert.pem file in a secure directory on your server, for example:

/etc/ssl/certs/cacert.pem

3. Configure PHP to use the new CA bundle

Edit your php.ini file. The location of this file depends on your server setup. Common locations include /etc/php/7.x/apache2/php.ini or /etc/php/7.x/fpm/php.ini.

Add or update these lines:


curl.cainfo = "/etc/ssl/certs/cacert.pem"
openssl.cafile = "/etc/ssl/certs/cacert.pem"

4. Restart your web server or PHP service

Apply the changes by restarting your web server or PHP-FPM:

# For Apache
sudo systemctl restart apache2

# For Nginx with PHP-FPM
sudo systemctl restart php7.x-fpm
sudo systemctl restart nginx

5. Verify the fix in WordPress

Try performing the action that caused the error, such as updating plugins or themes, or connecting to an external API. The cURL error 60 should no longer appear.

Works on

Environment Notes
Apache Works by updating PHP’s php.ini and restarting Apache
Nginx + PHP-FPM Requires restarting PHP-FPM and Nginx after updating php.ini
LiteSpeed Update php.ini and restart LiteSpeed service
cPanel / Plesk Use the control panel’s PHP configuration editor or edit php.ini manually

FAQ

Q: Can I disable SSL verification to fix cURL error 60?
A: Disabling SSL verification is not recommended as it compromises security. Only use this as a temporary workaround in development environments.
Q: How do I find the location of my php.ini file?
A: Create a PHP file with <?php phpinfo(); ?> and access it via browser. Look for “Loaded Configuration File” to find the path.
Q: What if I don’t have access to php.ini?
A: Contact your hosting provider to update the CA certificates or configure PHP settings for you.
Q: Does this fix work for self-signed certificates?
A: No. Self-signed certificates require adding the certificate to your trusted CA bundle or disabling verification (not recommended).
Q: Will updating WordPress or plugins fix this error?
A: Not usually. This error is related to server configuration, not WordPress core or plugins.
Fixes & Errors Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Also by the maker of MySurveyReviews.com