Solution for cURL error 60: SSL certificate problem: certificate has expired

Recently, many WordPress websites have encountered the cURL error 60: SSL certificate problem: certificate has expired error, causing failures in installing SSL certificates or some Plugins. This article shares the solution.The reason for this is that Let's Encrypt certificates have discontinued support for HTTP API requests, causing websites using Let's Encrypt certificates to be unable to update their certificates, resulting in certificate expiration warnings. Therefore, we just need to manually update the certificate.Solution 1, Manual Certificate Replacement:1. Downloadhttps:\/\/curl.se\/ca\/cacert.pemthis file; 2. Replace the content of cacert.pem into the file \/wp-includes\/certificates\/ca-bundle.crt. Then the certificate expiration warning will no longer appear.Solution 2, Code-Based Certificate Replacement:If manual replacement seems troublesome, you can also use the following code to replace it. First, copy the code below, then paste it into your Theme's functions file and save.

/**
* 保存代码后访问 http://你网址/?update-wp-ca-bundle
*/
if( isset( $_GET['update-wp-ca-bundle'] ) ){

$crt_file = ABSPATH . WPINC . '/certificates/ca-bundle.crt';
$new_crt_url = 'http://curl.haxx.se/ca/cacert.pem';

if( is_writable( $crt_file ) ){
$new_str = file_get_contents( $new_crt_url );

if( $new_str && strpos( $new_str, 'Bundle of CA Root Certificates' ) ){
$up = file_put_contents( $crt_file, $new_str );

echo $up ? 'OK: ca-bundle.crt updated' : 'ERROR: can`t put data to ca-bundle.crt';
}
else {
echo 'ERROR: can\'t download curl.haxx.se/ca/cacert.pem';
}
}
else {
echo 'ERROR: ca-bundle.crt not writable';
}

exit;
}

Then visit http:\/\/your-website\/?update-wp-ca-bundle. A success message will indicate the update is complete.Solution 3, Plugin-Based Certificate Replacement:If the above two solutions seem troublesome, you can directly install an SSL Certificate Manager plugin in the WP Admin Dashboard to resolve it.Plugin Download Link