Kevinleary.net, LLC.

Fixing WordPress cURL  Errors

How to fix `cURL error 60: SSL certificate: unable to get local issuer certificate` errors in localhost WordPress environments.

WordPress uses a single class for all remote HTTP requests, WP_Http. This class uses cURL to handle these requests, and quite often I see developers encountering issues with localhost requests and self-signed certificates, especially if you’re using your own local certificate authority to sign your local development certificates. I use mkcert to do this myself, and it’s excellent.

Problem

One major problem, however, is that WordPress’s WP_Http class uses its own local certificate signing authority, one that’s included in the WordPress source code at /wp-includes/certificates/ca-bundle.crt. This bypasses whatever signing authority PHP has set itself, and is often the cause of the following cURL related PHP errors:

cURL error 60: SSL certificate: unable to get local issuer certificate
curl: (60) SSL certificate problem: unable to get local issuer certificate

Solution

To correct this, and repair any localhost cURL certificate issues for a WordPress site you can use the following function to bypass the local, hard coded CA used by WordPress for local TLD’s:

/**
 * Replace Localhost cURL Certificates
 *
 * If the URL for an HTTP request in WordPress contains a .test
 * TLD, replace the WordPress local /certificates/ca-bundle.crt
 * with the PHP supplied bundle.
 */
function kevinlearynet_curl_patch_http_request_args( $parsed_args, $url ) {

    // Request URL points to a *.test host
    // Change this to your localhost domain tld
    $tld = end( explode( ".", parse_url( $url, PHP_URL_HOST ) ) );
    if ( $tld !== 'test' ) return $parsed_args;

    // Replace WordPress local certificates with PHP's default cacert path
    $openssl_cert_locations = openssl_get_cert_locations();
    if ( isset( $openssl_cert_locations['default_cert_file'] ) ) {
        $parsed_args['sslcertificates'] = $openssl_cert_locations['default_cert_file']
    }

    return $parsed_args;
}
add_filter( 'http_request_args', 'kevinlearynet_curl_patch_http_request_args', 99, 2 );

Once you add this to your custom theme or functionality plugin, your cURL error 60 errors should disappear as WordPress uses the certificate authority provided by your PHP installation.

Related Articles

Meet the Author

Kevin Leary, WordPress Consultant

I'm a custom WordPress web developer and analytics consultant in Boston, MA with 16 years of experience building websites and applications. View a portfolio of my work or request an estimate for your next project.

 Created / Updated