The cURL tool is a key component for establishing communication between the server and external resources. WordPress uses cURL (or similar PHP functions) to send HTTP and HTTPS requests when updating plugins, themes, or even when communicating with API servers.
In fact, whenever WordPress needs to connect to another server, it uses cURL to send data and receive the response. If there is a problem in the SSL certificate verification process, cURL returns an error titled cURL error 60: SSL certificate problem.
Cause of cURL error 60 in WordPress
This error usually occurs when the Root Certificates file on your server is expired or outdated. WordPress uses a file named /wp-includes/certificates/ca-bundle.crt to validate SSL. If one of the certificates in this file is invalid, cURL cannot complete the SSL trust chain and error 60 appears.
A prime example of this was when the DST Root CA X3 root certificate expired, and many WordPress sites suddenly encountered cURL errors.
Method 1: Replacing the Certificate File with the Updated cacert.pem Version (Main and Recommended Method)
This method involves downloading the updated version of the certificate file (cacert.pem) from the official cURL project source and replacing the contents of the ca-bundle.crt file in the WordPress path. In many cases, this resolves the SSL validation issue and the cURL error 60.
- Download the New Certificate File:
Visit the official cURL website and download the new file from the following address:
https://curl.se/ca/cacert.pem
- Back Up the Current WordPress File:
Go to the/wp-includes/certificates/path and create a backup of theca-bundle.crtfile so you can restore it if needed.
- Replacing the New File:
Open the downloadedcacert.pemfile and copy its entire content. Then, replace the content of theca-bundle.crtfile with it (or place the new file in the same path with the same name).
Now, open your WordPress site and try updating the plugins again. In most cases, the cURL error 60 will no longer be displayed.
Method 2: Updating PHP and cURL Version
If the above method does not work, your cURL or PHP version may be outdated and not support the new encryption algorithms.
To change the PHP version of your hosting to higher versions, you can do the following:
- Enter the Select PHP Version option in your cPanel.
- You can change the PHP version of your hosting account through the “Current PHP Version” option in the menu.
- Set the PHP version to a version other than native.
If you are using MultiPHP to configure your hosting’s PHP:
- Enter the MultiPHP Manager option in cPanel.
- Select the domain name where your website is created and for which you want to change the PHP version, and activate the checkbox on its left.
- In the menu opposite “PHP Version”, you can set the desired PHP version. By clicking “Apply”, the desired version will be set.
Method 3: Configure the SSL Certificate Path in php.ini
In some cases, the certificate file path may not be configured correctly in PHP. To ensure this:
- Open the php.ini file.
- Look for a line similar to the following:
curl.cainfo =
- Enter the new
cacert.pemfile path in this section, for example:
curl.cainfo = "/public_html/wp-includes/certificates/ca-bundle.crt"
The cURL error 60 SSL certificate problem is one of the most common communication issues in WordPress, which is usually resolved by replacing the old certificate file with the updated cacert.pem version.
If this method is not effective, it is best to check the PHP version, cURL, or the certificate path in php.ini.
By following these steps, you can ensure that plugin and theme updates will be performed without SSL errors, and your WordPress secure connection will remain stable.