Local Community

Expired SSL certificate

I believe these are connected to the issue I’ve been having.

This is the error I now get when sending a request to an external server.
cURL error 60: SSL certificate problem: certificate has expired (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

I’m able to connect, send a request, and receive a response locally via Postman.

I’ll second this. I’ve just updated to Local 6.1.4 but any external requests issued from WordPress are failing. I’m working on a theme which makes a call to an external API and am continually getting the expired SSL certificate error.

Is there a way to manually regenerate the SSL certificate on Mac?

You can go into the Keychain and remove the SSL for the site. When you look at the site in Local it will prompt you again to install a cert.

I tried this with Local 6.1.3 and 6.1.4 only to have the same results.

@EcomEric – you’re right that this is all related – that Let’s Encrypt expired cert was quite foundational to the larger Internet and how sites make secure HTTPS requests to each other.

Because Local doesn’t use virtulization (like Docker, Vagrant, etc) it’s trickier to zero in on certs and regenerating them. I’m still investigating a good way to work around this for that “Smar Slider 3” topic, and will let others know what I come up with.

To help me better understand where things are failing – are you able to share a snippet of code you are using to make external requests?

One other thing @sandersweb and @EcomEric – what OS and what version of that OS are you running?

Big Sur 11.6

At the point of error, Guzzle is what is giving the bad SSL message. I think
I can’t really share code or details of implementation for that matter as its a price integration :slight_smile:

1 Like

Yep ditto, Big Sur 11.6. The call is made using the WordPress HTTP class, so nothing special about that.

Thanks for the info @EcomEric @sandersweb – From my research into this, I think the issue is that we need to update Mac’s SSL certs (as you mention).

It looks like Loca’s PHP under Mac is using the cURL extension. Because of this, the outdated cert bundle is located at /etc/ssl/cert.pem

This StackOverflow answer from a couple of days ago seems to have fixed things for me on my Mac Big Sur machine:

To recap the steps outlined in that link:

  1. Backup the existing cert.pem file
  2. Download the latest cacert.pem file from here: curl - Extract CA Certs from Mozilla
  3. Move the cacert.pem file to overwrite the cert.pem file.

Here’s what that process looks like from within my terminal:

sudo cp /etc/ssl/cert.pem{,-orig}
# use curl, or manually download bundle
curl https://curl.se/ca/cacert.pem > cacert.pem
sudo mv cacert.pem /etc/ssl/cert.pem

@EcomEric – Can you try the above fix that I found from the StackOverflow answer?

@sandersweb – I think the above fix should work for your use case with the HTTP Class as well.

1 Like

@ben.turner
I can confirm this worked in my situation.

1 Like

I should also note that the SSL is still an issue for several plugins. Query Monitor shows 14 HTTP API Call errors. :frowning:

Please see my post here on how to hotfix the curl error (WP ships with an outdated cert inside its cert bundle, which causes trouble for OpenSSL 1.x branch):
https://community.localwp.com/t/getting-a-curl-error-when-trying-to-update-plugins-in-local/28093/4

3 Likes

This whole cert expiring has definitely made me aware of a level of WordPress I didn’t know before. Thanks to @henning for pointing me to that trac ticket in Core! I didn’t know that WP bundles it’s own certificates so that its HTTP API can cover for things that are lacking in the server environment.

Either way – @EcomEric – did following @henning 's link and updating WP core’s certs get things fixed for code that’s making use of the WordPress HTTP API?

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.