
Recently, many WordPress websites have encountered the cURL error 60: SSL certificate problem: certificate has expired error, causing failures in installing SSL certificates or some Plugins. This article shares the solution.
![]()
The reason for this is that Let's Encrypt stopped supporting the HTTP API request, causing websites using Let's Encrypt certificates to be unable to update their certificates, resulting in an expiration warning. So we just need to manually update the certificate.
Solution 1, Manual Certificate Replacement:
1. Downloadhttps:\/\/curl.se\/ca\/cacert.pemthis file;
2. Replace the content of cacert.pem into the file /wp-includes/certificates/ca-bundle.crt.
Then the certificate expiration warning will no longer appear.
Solution 2, Code-Based Certificate Replacement:
If you find manual replacement troublesome, you can also use the following code to replace it.
First, copy the code below, then paste it into your theme's functions file and save.
/**
* 保存代码后访问 http://你网址/?update-wp-ca-bundle
*/
if( isset( $_GET['update-wp-ca-bundle'] ) ){
$crt_file = ABSPATH . WPINC . '/certificates/ca-bundle.crt';
$new_crt_url = 'http://curl.haxx.se/ca/cacert.pem';
if( is_writable( $crt_file ) ){
$new_str = file_get_contents( $new_crt_url );
if( $new_str && strpos( $new_str, 'Bundle of CA Root Certificates' ) ){
$up = file_put_contents( $crt_file, $new_str );
echo $up ? 'OK: ca-bundle.crt updated' : 'ERROR: can`t put data to ca-bundle.crt';
}
else {
echo 'ERROR: can\'t download curl.haxx.se/ca/cacert.pem';
}
}
else {
echo 'ERROR: ca-bundle.crt not writable';
}
exit;
}
Then visit http://yourwebsite/?update-wp-ca-bundle and if it prompts update successful, it's done.
Solution 3, Plugin-Based Certificate Replacement:
If the above two solutions seem troublesome, you can directly install an SSL Certificate Manager plugin in the WP Admin Dashboard to resolve it.