cURL error 60: SSL certificate problem: certificate has expired
I cannot save license number with “cURL error 60: SSL certificate problem: certificate has expired” error.I already update SSL certification but, the error occur continuously.
!! Skip to solution !!
Thanks for noticing. I was able to reproduce this issue when contacting our API, so this must be something on our end. We will have a look at it and will report back here when the issue is fixed. We’re sorry for the inconvenience.
We did some research on this issue:
On 29 and 30 September 2021 root certificates used by Lets Encrypt expired. This could cause requests to our server to fail and you would see errors containing SSL certificates being invalid.
Since these certificates expiring was known long before happening, most software vendors took measures to prevent this from being a problem. But in some cases an issue can still arise for:
- older devices that receive no updates (e.g. an iPhone 4)
- devices that run outdated software (e.g. Windows XP or software with updates disabled)
- software that was not patched to handle the expiration
We have seen an update spree on software that was not, or wrongly, patched. So the issue should have a limited impact.
For users who still have this issue: make sure you run updated software (e.g. browser, webserver) or ask your host to do so.
Running the latest version of software on a modern device and still have this issue? Let us know via a ticket and supply us with information about the server running Admin Columns (brand, version, etc.). We will try to guide you to a fix.
Hope this helps!
I’m runing MAMP PRO latest version on macOS latest version and I got the same issue.
If you have this issue on local environments, you could add the following snippet that disables the SSL verification for your local website. That should fix the issue of having the expired certificate issue.
add_filter( 'http_request_args', function ( $r ) {
$r['sslverify'] = false;
return $r;
} );
Worked! Thanks Stefan!
Hi Stefan,
I am experiencing the same error (cURL error 60) on our WordPress website hosted on “Domainfactory” in Germany.
WordPress and Plugins up to date. PHP 7.3. Domainfactory is one of the biggest webhosters of Germany.
Your php snippet (to put the sslverify to false) works fine. But of course, this is just a temporary workaround.
Just wanted to inform you and others having the same issue.
best,
Nicolas
Hi Nicolas,
Thanks for letting us know. Unfortunately, we did everything we could to prevent this issue. As David mentioned in his previous comment, it seems that the client (software or hoster) needs to do something in order to fix this issue. Many software programs already offered updates to fix this issue. I think that you have to contact Domainfactory and ask them to update their servers to fix the let’s encrypt expired certificate error.
Hi there,
I have the same problem on my online virtual server.
Just installed a fresh WordPress (subfolder)… everything else works fine.
Certificate was just renewed.
More ideas?
Thx
andy
@Andy, you probably need to update your virtual server as well.
Installing WordPress does not change anything but it is the client itself that needs the update.
@stefan Thx for the reply. The server is pretty current and runs a bunch of other things (including WP and plugins). The only problem I have is activating ACP – no other (SSL) related problems. So I tend to think that the problem is elsewhere. I didn’t trace it (yet) however…
Why not simply providing an alternative license-activation, since it seems there are more users affected (and other plugin activations don’t show this problem)?
Unfortunately, there is no simple other solution to activate the license since this is a core feature in the plugin and we can’t simply change that. For now, you can leave it unactivated and update the plugin manually when this is necessary. Actually, we are not the only service/plugin where this issue occurs. Quite a lot of companies have this issue since the expiration of the LetsEncrypt certificates. David also gave a good answer in this topic about the SSL certificates:
https://www.admincolumns.com/forums/topic/composer-ssl-error/
@stefan Well, unfortunately it’s not as simple as that ;) – I just bought a license to simplify UI of the PODS plugin. But this integration is only available AFTER I activated ACP!
Nevertheless I just verified the server (running Plesk) and it seems everything is up-to-date (OS, settings and certificates). I also checked, if I can query other secure servers (using fetch) – which works just fine.
So the situation for us customers is quite unfortunate… (writing my own plugin which does what I need for now takes me a day or two (losing the features I just paid for :( ) – fixing the communication problem for ACP may take more (or less – who knows))…
You don’t really need to activate the plugin in order to install the Pods integration. You can download all the integrations from your account page and install the integration manually like you installed the main plugin.
@stefan Ah, I see… thanks for the info – that helps definitely!
Pierre, as you caould see, I had the same problem. I solved it by using code posted above.
I put this PHP code:
add_filter( ‘http_request_args’, function ( $r ) {
$r[‘sslverify’] = false;
return $r;
} );
at the end of functions.php file found in “wp-content/themes/[my_theme_name]/” directory.
So just download the file using FTP, make backup of it, paste the snippet code at the end and upload back. It worked like a charm.
Hi Pawel,
Thanks, I have just seen you had replied.
It worked, thanks again.
However, question to ACP team, does it affect website security? Does it disable SSL verifiaction?
Yes, my advice is not to use the solution by Pawel on a live website. I will pass the validation of SSL certificates so yeah, you probably don’t want that for other outgoing calls. You can also temporarily use this solution to activate the license and remove it afterward, but the best solution if of course to solve the issue at its source and see if you’re able to update the root certificates for your software that you’re using to run the website.
@stefan Hm – sorry to come back with this issue, too… but none of my other plugins/installations on this machine throws this kind of error, so couldn’t it simply be an issue on your side?
I re-verified SSL-settings/components and couldn’t figure out the source of the problem (at least not on my end and not in reasonable time). Using the filter was the easiest/quickest way to get it working… But tracking down an activation-problem to the last detail simply doesn’t fit into my current workload/time-frame. (So maybe a checkbox bypassing SSL-checks for the time being would ‘fix’ the problem until there’s a better solution?)
Not a problem at all @Andy. I understand the frustration and we like to solve this issue as well. But unfortunately, we did everything we could on our side and we simply don’t know what else we can do on our side. David also gave a good explanation of the issue here:
If anyone has a suggestion that we can try out, we’ll be more than happy to try that out. Our plugin calls our API to validate the license and this is performed over SSL (of course). This means that WordPress tries to verify the certificates, only the hook above bypasses that feature in WordPress.
Hi, I ran into this issue and solved it by manually updating your WordPress Certificate files to the latest version.
This file is the issue: ../wp-includes/certificates/ca-bundle.crt > it needs to be updated
Please follow this link instructions to solve it: https://wp-kama.com/note/error-making-request-wordpress
You are welcome!
Thank you very much Guido for the input, that is very helpful.
So for all of you who still run into this problem, the fix is to update the certificates in your WordPress installation.
- First download the latest certificate file from the WordPress repo
- Replace the current certificate file in your WordPress installation
wp-includes/certificates
- The error should now be gone when making connections to our API
Technical information
Commit message about the certificate change
The new certificates will be shipped in WordPress 5.9
You must be logged in to reply to this topic.