Fixing WordPress cURL  Errors

How to fix `cURL error 60: SSL certificate: unable to get local issuer certificate` errors in localhost WordPress environments.

WordPress uses a single class for all remote HTTP requests, WP_Http. This class uses cURL to handle these requests, and quite often I see developers encountering issues with localhost requests and self-signed certificates, especially if you’re using your own local certificate authority to sign your local development certificates. I use mkcert to do this myself, and it’s excellent.

Problem

One major problem, however, is that WordPress’s WP_Http class uses its own local certificate signing authority, one that’s included in the WordPress source code at /wp-includes/certificates/ca-bundle.crt. This bypasses whatever signing authority PHP has set itself, and is often the cause of the following cURL related PHP errors:

cURL error 60: SSL certificate: unable to get local issuer certificate
curl: (60) SSL certificate problem: unable to get local issuer certificate

Solution

To correct this, and repair any localhost cURL certificate issues for a WordPress site you can use the following function to bypass the local, hard coded CA used by WordPress for local TLD’s:

/**
 * Replace Localhost cURL Certificates
 *
 * If the URL for an HTTP request in WordPress contains a .test
 * TLD, replace the WordPress local /certificates/ca-bundle.crt
 * with the PHP supplied bundle.
 */
function kevinlearynet_curl_patch_http_request_args( $parsed_args, $url ) {

    // Request URL points to a *.test host
    // Change this to your localhost domain tld
    $tld = end( explode( ".", parse_url( $url, PHP_URL_HOST ) ) );
    if ( $tld !== 'test' ) return $parsed_args;

    // Replace WordPress local certificates with PHP's default cacert path
    $openssl_cert_locations = openssl_get_cert_locations();
    if ( isset( $openssl_cert_locations['default_cert_file'] ) ) {
        $parsed_args['sslcertificates'] = $openssl_cert_locations['default_cert_file']
    }

    return $parsed_args;
}
add_filter( 'http_request_args', 'kevinlearynet_curl_patch_http_request_args', 99, 2 );

Once you add this to your custom theme or functionality plugin, your cURL error 60 errors should disappear as WordPress uses the certificate authority provided by your PHP installation.