I have had this “cURL error 60: SSL certificate problem: unable to get local issuer certificate” error occur a few times now on my Windows server with my WHMCS installations. It primarily has affected payment gateways which are using curl to communicate, which in my case was Go Cardless.
Not being a PHP developer, I always tend to forget the cause of the problem when it crops up, so hopefully, this will serve as a reminder to myself as well 🙂
The reason for this error is that curl needs a certificate authority cert in order to communicate over https, and obviously neither php nor curl itself includes this by default and curl doesn’t use the certs already installed on the server for whatever reason.
As a result of this, the error also occurs every time I switch PHP to a different php version or when I install latest php version, thus once again breaking apps/sites which were previously fixed. So you need to apply this solution to every php version you have installed, just in case.
How to fix
To resolve the error is actually easy, you simply need to define your CURL certificate authority information path in your php.ini
- Download the latest curl recognized certificates here: https://curl.haxx.se/ca/cacert.pem
- Save the cacert.pem file on your server.
- Then, in your php.ini file, scroll down to the [curl] section.
- You should see the CURL_CAINFO option already there, but commented out. Uncomment and set the path to the cacert.pem file. You should have a line like this:
[curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. curl.cainfo = "C:\PHP\cacert.pem"
Save and close your php.ini.
You may need to restart your webserver if the changes do not take, or on windows, restart application pool, and try your request again.
If you do not set the right path to the pem file, you will get a CURL 77 error.