SSL peer certificate or SSH remote key was not OK

You are probably using self-signed SSL certifiacate, which will not pass when the CURLOPT_SSL_VERIFYPEER options is set.

There are two solutions:

1. Buy valid SSL certificate.
2. Disable SSL verification in Curl. (add --insecure option)

If you disable verification, you can't be sure if you are really communicating with your host.So it depends on level of security you need.

Beside CURLOPT_SSL_VERIFYPEER there are two other settings which might be changed to false/0:

CURLOPT_SSL_VERIFYHOSTCURLOPT_SSL_VERIFYSTATUS

Beware that you should fix your SSL certificates & settings instead of disable security!

Although I am answering an old post, I think it will help the new viewers-

You can check the problem by adding

$opts[CURLOPT_VERBOSE] = 1

For self signed certificate your client may connect with the server using IP address, because the host name is not available in DNS cache. In that case the COMMON NAME(CN) of your server certificate needs to match with the Server IP (put IP address as common name when generating the server certificate). When you do it correctly, you can see this message:

common name: 192.168.0.1 (matched)

Here 192.168.0.1 is an example.