Support » Plugin: MainWP Dashboard - The WordPress Manager for Professional Website Maintenance » cURL error 60: SSL certificate problem: certificate has expired

  • Resolved winrris

    (@winrris)


    Hi,

    I’m getting ‘cURL error 60: SSL certificate problem: certificate has expired’ error when trying to update plugins from zip file.

    I’ve contacted my hosting provider and that was their response:

    We've had a few reports of this today - It seems Let's Encrypt have deployed a change to their CA Bundle Setup that will be affecting older browsers and OS setups -
    
    https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
    
    It's possible the plugin isn't accommodating for this with it's checks and, as a result, is seeing an expired CA bundle when checking the SSLs hence the insecure connection despite it loading fine when you test or when checked via something like SSL Shopper.
    
    I'd recommend checking with MainWP just to confirm if there's anything that can be done their side to get the correct root CA with their checks.
Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author mainwp

    (@mainwp)

    Can you go to your Dashboard and go to Status –> server (/wp-admin/admin.php?page=ServerInformation) and locate cURL SSL Version and let me know what that is and also what is in the Server Software section.

    Thread Starter winrris

    (@winrris)

    cURL SSL Version: OpenSSL/1.0.2k-fips
    Server Software: Apache

    Moderator Steve Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Rep

    Plugin Author mainwp

    (@mainwp)

    A temporary workaround while you wait for your host is to tell your Dashboard to ignore SSL errors by going into Settings–>Advanced Settings and turning off Verify SSL certificate

    Thread Starter winrris

    (@winrris)

    Unfortunately, Settings–>Advanced Settings and turning off Verify SSL certificate does not work. My host keeps telling me its website/plugins issue, and they have done everything on their end… I’m confused

    I’ve found that deleting DST Root CA X3 certificate from /wp-includes/certificates/ca-bundle.crt file helps on some hostings, but I’m getting another error Installation failed: Not expected HTTP response.

    Thread Starter winrris

    (@winrris)

    Certificate seems to be fine also, not sure why I’m getting expired certificate error in MainWP:

    # openssl s_client -connect shelby**********templates.com:443 -servername shelby**********templates.com
    CONNECTED(00000003)
    depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = R3
    verify return:1
    depth=0 CN = *.shelby**********templates.com
    verify return:1
    ---
    Certificate chain
     0 s:/CN=*.shelby**********templates.com
       i:/C=US/O=Let's Encrypt/CN=R3
     1 s:/C=US/O=Let's Encrypt/CN=R3
       i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
     2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    ****************************************************************
    ****************************************************************
    ****************************************************************
    ****************************************************************
    ****************************************************************
    ****************************************************************
    ****************************************************************
    ****************************************************************
    ****************************************************************
    -----END CERTIFICATE-----
    subject=/CN=*.shelby**********templates.com
    issuer=/C=US/O=Let's Encrypt/CN=R3
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4809 bytes and written 457 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Plugin Author mainwp

    (@mainwp)

    cURL SSL Version: OpenSSL/1.0.2k-fips

    This needs to be at minimum 1.1. 1.1 was released 4 years ago and solved many issues

    This seems to be a global problem with Let’s Encript certificates.

    See here for a solution to this problem: https://wp-kama.com/note/error-making-request-wordpress

    @tkama – thanks, your solution works great!

    I found a wordpress plugin that fixed the Curl Error 60: SSL Certificate Problem: Certificate has expired error quickly and brilliantly!

    See https://wordpress.org/plugins/ssl-certificate-manager/

    I set the option to Use Newest cURL SSL Certificate. (Recommend!)

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.