WORDPRESS : cURL error 60: SSL certificate
WordPress uses it's own CA bundle, located in WP/wp-includes/certificates
.
The CA bundle that was shipped with WordPress up until recently was outdated, as discussed in this issue: https://core.trac.wordpress.org/ticket/45807.
Setting sslverify
to false
is not recommended, and instead you can download an updated version of the bundle, https://github.com/WordPress/WordPress/tree/master/wp-includes/certificates and replace it in the wordpress folder.
Based on my recent experience, I believe that the message "self signed certificate in certificate chain" tells you the issue exactly - which is that whichever SSL site you are trying to access has a certificate in the chain that is not in the bunch that is referenced by cacert.pem.
This makes sense because the error reports that it is a self-signed certificate.. i.e. It would never be included in the downloaded cacert.pem file.
My solution was to get a Base64 encoded file containing the certificate chain of the site that I am trying to access.
How to: Use a browser to access the site you are trying to access, click the certificate part of the address (usually to the left of the address box with a lock icon) and the click on whatever your interface supports to see the list of certificates in the chain. Manually export those certificates to a text file.
Then append this text file with a text editor to the list of certificates (cacert.pem) that PHP is using for CURL actions.
You mention WordPress.. WordPress v4.9.6 has a bundle of certificates that it specifically references when it is upgrading or installing plugins at ./WordPress Instance\wp-includes\certificates. My stop-gap solution was to append the text file above (containing the local self signed-certificate chain) to the ca-bundle.crt file that you will find in that location.
One caveat - when you upgrade WordPress it will overwrite the ca-bundle.crt file, so you will have to re-add them - unless someone has a better solution..?