SSL issues with curl

[Nate Reist]

I recently started getting errors when working with WP cli on the command line, but also PHP seems to be having the same issue. I'm not sure if this would be an OpenSSL issue and it not looking in the correct location for the public certificates:

Error: Failed to get url 'https://api.wordpress.org/core/checksums/1.0/?version=5.3.2&locale=en_US': cURL error 60: SSL: no alternative certificate subject name matches target host name 'api.wordpress.org'.

Note: I'm seeing the same issue on two separate servers running these versions of CentOS and cPanel/WHM.

 

[cPanelLauren]

The documentation explains this pretty well here: curl - SSL CA Certificates as well as how to check. Is the error only occurring with WordPress?

There are also the articles listed here:
Fix CURL (51) SSL error: no alternative certificate subject name matches

Curl error "no alternative certificate.."

We have a problem in only one of our servers hosted at Amazon (the development server). The problem happens when doing a curl request to a specific domain, by running this: > curl https://api....

stackoverflow.com

cPanel has the following for this I believe /usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/Mozilla/CA/cacert.pem but the mozilla bundle hasn't been updated since Jan 1 curl - Extract CA Certs from Mozilla

Composer certificate verify failed error - the ca-trust info could also need to be updated

There are also some other considerations to be made as well such as the following:

cPanel + pfSense + Let's Encrypt + Curl

I'm putting this in General Discussion, but if the mods want to move it, feel free. I had the dreaded “SSL certificate problem: unable to get local issuer certificate” problem when working with Let's Encrypt and scripts that were using CURL. My SSL certs for domains worked just fine in web...

forums.cpanel.net

It's really difficult to tell you specifically where the issue lies with the information provided.

 

[Nate Reist]

Sorry, it this occurred the with WordPress command line tool wp cli . When running commands that pull data from the domain api.wordpress.org (downloading packages/verifying updates checksums) it gets that error. I also notice the error when websites on those server when they try to pull the RSS feed from WordPress.org ( in the browser, but over ajax - so the server is requesting the feed ) as well. I tested those commands locally and from other servers at that time though and didn't have the same issue. They were able to verify the peer certificate, so ti seems just the two servers in question weren't able to verify the certificate.

It seems to be sporadic though, this morning it is not occurring, and I can't test an issue that is not occuring :-\ so for now I'll just wait until it happens again try to diagnose it so I can provide you better information. Thanks for the info, I'll let you know if I find anything!