JetPack can’t connect cURL error 60: SSL certificate problem:

  • Resolved Chuckie

    (@chuckie)


    3 years, 10 months ago

    I recently moved my WordPress site to a different host. I’m now using EasyWP.com, because it’s cheap and easy. I’m trying to connect to Jetpack, but I’m running into an issue when trying to connect my WordPress.com account. I receive the following error:

    cURL error 60: SSL certificate problem: unable to get local issuer certificate

    I’ve read a number of posts on this issue suggesting editing the php.ini file and pointing it to the .pem file. Unfortunately, I don’t have access to the php.ini because of the hosted environment.

    Has anyone encountered this issue, are there any suggestions on how to workaround this issue?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Yui

    (@fierevere)

    永子

    3 years, 10 months ago

    this error happened because of OpenSSL/GnuTLS bug and AddTrust Root CA certificate been expired.
    https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

    Jetpack.com is using SSL certificate issued by Sectigo and was affected by this problem. Currently Jetpack.com certificate has been fixed
    Are you still having issues?

    Thread Starter Chuckie

    (@chuckie)

    3 years, 10 months ago

    Yes, I’m still having issues.

    Maybe I should give it a few days for this issue to be fixed…

    –Chuck

    Thread Starter Chuckie

    (@chuckie)

    3 years, 10 months ago

    I’ve removed and reinstalled the JetPack plugin and I’m still encountering the above issue.

    I ran an SSL test. Here are the results:

    https://www.ssllabs.com/ssltest/analyze.html?d=chucksregard.com&s=63.250.43.1&hideResults=on&latest

    I don’t know how to read this, it appears my cert doesn’t support DNS CAA. Is this a correct reading?

    It also appears that Jetpack.com has the same issue: https://www.ssllabs.com/ssltest/analyze.html?d=jetpack.com&s=192.0.78.24&hideResults=on&latest

    Thanks,

    Chuck

    • This reply was modified 3 years, 10 months ago by Chuckie.
    Moderator Yui

    (@fierevere)

    永子

    3 years, 10 months ago

    curl error 60 appears for outgoing connections from your site.
    (In other words – your local SSL certificate is not used for this)

    DNS CAA is not important for establishing connections, its used by SSL Authorities only to determine if domain owner permits them to issue new certificate for domain. (No DNS-CAA means – all authorities can issue certificates)

    Your local certificate has a problem – Incomplete chain
    this can cause incoming SSL connections to fail (Jetpack is using both in and out connections)

    Please fix your certificate chain (or ask your webhosting support to do so)
    Those certificates marked as “Extra download” must be included in your server certificate chain.

    USERTrust RSA Certification Authority (root CA/or intermediate) MISSING
    Sectigo RSA Domain Validation Secure Server CA (intermediate) MISSING
    chucksregard.com (Your server certificate)

    If possible – ask your webhosting support to enable/implement SSL Session tickets, this will greatly increase connection performance for subsequent requests.

    Thread Starter Chuckie

    (@chuckie)

    3 years, 10 months ago

    @fierevere Thank you for your help, it turned out that the SSL cert was installed incorrectly.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘JetPack can’t connect cURL error 60: SSL certificate problem:’ is closed to new replies.