PHP cURL error 60: SSL certificate problem - Windows & Linux Fix

PHP cURL error 60: SSL certificate problem – Windows & Linux Fix

Devnote team
February 11, 2026
2
237 Views
0 Comments

If you are working with APIs in PHP and suddenly see: cURL error 60: SSL certificate problem: unable to get local issuer certificate it means PHP cannot verify the SSL certificate from the server you are requesting. This is extremely common on Windows setups (XAMPP, WAMP) and fresh Linux servers.

The fix is straightforward once you understand what is missing: a trusted CA certificate bundle.

Why does cURL error 60 happen?

PHP uses cURL to make HTTPS requests. cURL checks server certificates against a list of trusted Certificate Authorities (CA). If PHP cannot find that list, it refuses the connection for security reasons. So the real issue is not your code, but your environment.

Fix on Windows (XAMPP / WAMP / PHP standalone)

Step 1: Download the CA bundle

Use the official curl project CA bundle:
https://curl.se/ca/cacert.pem

Save it somewhere stable, for example:

C:\xampp\php\extras\ssl\cacert.pem

Step 2: Edit php.ini

Open php.ini and find this line:

;curl.cainfo =

Uncomment and set the path:

curl.cainfo = "C:\xampp\php\extras\ssl\cacert.pem"

Also locate:

;openssl.cafile=

Set it too:

openssl.cafile="C:\xampp\php\extras\ssl\cacert.pem"

Restart Apache or PHP.

That’s it. cURL will now trust valid SSL certificates.

Fix on Linux (Ubuntu, Debian, CentOS, etc.)

Linux usually includes default CA packages. Install or update them:

Ubuntu / Debian

sudo apt-get update
sudo apt-get install ca-certificates
sudo update-ca-certificates

CentOS / RedHat / AlmaLinux

sudo yum install ca-certificates
sudo update-ca-trust force-enable
sudo update-ca-trust extract

After installation, PHP will automatically use the system’s CA store.

Using HTTPS inside Docker or CI

Many CI images are trimmed and do not include SSL bundles.

Simply install them:

apt-get update
apt-get install -y ca-certificates

Then rebuild your image.

You will see developers do this:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

It disables SSL verification and opens huge security risks.
Only use this for debugging local issues, never in production.

Quick checklist

If you still get the same error:

  • Did you restart Apache, Nginx, or PHP-FPM?
  • Is your php.ini the CLI one or the web one?
  • Are you editing the correct PHP version (7.4 vs 8.2)?
  • Is the CA file readable (correct path, no typos)?

Categories:

PHP

Other Articles

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Devnote provides a collection of tutorials about PHP, Laravel, WordPress, Django, MySQL, Bootstrap, Jquery, Ajax, APIs, CRUD operations, etc.

Devnote © , All Rights Reserved.

Page Links

Category

Follow Us

Facebook Instagram Twitter Youtube Linkedin Pinterest
Morbi, Gujarat, India - 363641