This is really good data to have and thank you for updating us with what you did to fix things!
If I’m understanding things correctly, that means that you’ve essentially told the WordPress site (specifically the PHP of the WordPress site) to use the host’s certificate bundle.
I took a closer look at the WP repo, and it looks like the ca-bundle.crt file will only be used if the request is made using one of the wp_remote_request functions:
In your case, with those plugins, they are using Guzzle and are likely crafting their own HTTP requests without using the built-in WP functions. The reason that your fix worked is that you are telling PHP and Guzzle to use the Host’s certs for the request.
To solve this long-term, I think there are two general paths:
1. The plugin devs could refactor the requests so that they benefit from the fallbacks and guarding that WP comes with. That’s likely not going to happen soon, but it might be something they would be interested in to make things more robust.
2. Local should bundle these certs so that lower-level requests can still be done over HTTPS.
I’d say #2 is definitely something that will make Local better, so I’ll put something in front of the dev team to take a closer look. I don’t have an ETA for when it will be worked on, so in the meantime, I’d say that you might be stuck having to manually add that line to the php.ini.hbs file.
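
A diagnostic for the split described in the reply above, as an added example that is not part of the original post and not code from Local, WordPress or Guzzle: it lists the CA bundle WordPress ships for its wp_remote_* requests next to the bundles PHP itself is configured to trust, which is what a plugin making its own HTTP requests ends up relying on. The curl.cainfo and openssl.cafile settings are an assumption about which php.ini lines matter here (the post does not name the line that was added), and the script name and site path in the comments are placeholders.

```php
<?php
// Added diagnostic, not from the original post. Shows which CA bundle each
// HTTP path on a WordPress site can fall back on for TLS verification.

/** Describe one candidate CA bundle: is it there, and does it hold any certs? */
function describe_bundle(string $source, ?string $path): array
{
    $readable = $path !== null && $path !== '' && is_file($path) && is_readable($path);
    $pem = $readable ? (string) file_get_contents($path) : '';
    return [
        'source'   => $source,
        'path'     => $path ?: '(not set)',
        'readable' => $readable,
        // An empty or truncated bundle fails verification just like a missing one.
        'certs'    => substr_count($pem, '-----BEGIN CERTIFICATE-----'),
    ];
}

/** $wpRoot: the WordPress install directory (supplied by the caller). */
function ca_bundle_report(string $wpRoot): array
{
    $openssl = function_exists('openssl_get_cert_locations')
        ? openssl_get_cert_locations() : [];
    $wpBundle = rtrim($wpRoot, '/\\') . '/wp-includes/certificates/ca-bundle.crt';
    return [
        // The file WordPress ships for requests made through wp_remote_*.
        describe_bundle('WordPress bundle', $wpBundle),
        // php.ini settings (assumed relevant) seen by code that bypasses WP's HTTP API.
        describe_bundle('php.ini curl.cainfo', ini_get('curl.cainfo') ?: null),
        describe_bundle('php.ini openssl.cafile', ini_get('openssl.cafile') ?: null),
        // OpenSSL's compiled-in default, which PHP streams use when openssl.cafile is empty.
        describe_bundle('OpenSSL default_cert_file', $openssl['default_cert_file'] ?? null),
    ];
}

// CLI usage (placeholder names): php ca-report.php /path/to/site/app/public
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    foreach (ca_bundle_report($argv[1]) as $row) {
        printf("%-26s %-8s certs=%-4d %s\n", $row['source'],
            $row['readable'] ? 'readable' : 'MISSING', $row['certs'], $row['path']);
    }
}
```

The command-line PHP and the PHP serving the site can load different php.ini files, so run this under the one the site actually uses. A row that is not set or MISSING for every php.ini and OpenSSL entry while the WordPress bundle is readable matches the situation in the reply: wp_remote_* calls verify fine and lower-level requests do not.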