Fixing cURL SSL Certificate Errors on Local WordPress Installations

If you're developing a WordPress site locally using tools like MAMP, WAMP, or a LAMP stack, you've likely encountered a frustrating error when trying to install plugins, themes, or check for updates: cURL failed with error #60: SSL certificate problem: unable to get local issuer certificate or a similar SSL-related cURL error.

This is one of the most common issues faced in local development environments. Let's break down why it happens and explore the most effective solutions.

Why This Error Occurs

WordPress uses the cURL library to communicate securely with external servers, like api.wordpress.org, to fetch plugin information and downloads. This secure communication (HTTPS) relies on SSL certificates.

On a live public server, a valid SSL certificate is issued by a trusted Certificate Authority (CA). However, on a local machine (localhost), you typically don't have a publicly trusted SSL certificate. You might have no certificate, a self-signed certificate, or one that isn't properly configured in your local PHP environment. When cURL tries to verify the certificate from wordpress.org against the list of trusted authorities on your local machine, this verification fails, causing the error.

As noted in the sample threads, this is strictly a local server configuration issue, not a bug in WordPress, a specific plugin, or WooCommerce.

Common Solutions

1. Manually Install Plugins and Themes

The simplest and most reliable workaround is to bypass the automated installer altogether.

• Download: Download the plugin or theme ZIP file directly from wordpress.org or the developer's website.
• Upload: In your WordPress admin dashboard, navigate to Plugins > Add New > Upload Plugin. Select the ZIP file and click Install Now.

This method does not rely on external SSL connections for the file transfer and is often the quickest fix.

2. Update the cURL CA Certificate Bundle (cacert.pem)

Your local PHP installation uses a bundle of trusted CA certificates to verify SSL connections. This bundle can become outdated or may be missing entirely.

1. Download the latest cacert.pem file from the official cURL website.
2. Place the file in a logical directory within your local server's file structure (e.g., C:/wamp64/bin/php/cacert.pem).
3. Open your php.ini file. (You can check which one is loaded by creating a phpinfo file).
4. Find or add these two lines, ensuring the path points to your new cacert.pem file:

   curl.cainfo = "C:/wamp64/bin/php/cacert.pem"
   openssl.cafile = "C:/wamp64/bin/php/cacert.pem"
   

5. Save the file and completely restart your local server (e.g., Apache, MySQL) for the changes to take effect.

3. Modify WordPress Configuration (Not Recommended for Production)

Warning: This solution disables SSL verification and introduces a security risk. It should only be used as a last resort in a local development environment and must never be used on a live, public website.

You can add a snippet to your wp-config.php file that tells WordPress not to verify SSL certificates.

// DISABLE SSL VERIFICATION FOR LOCALHOST (INSECURE - FOR DEVELOPMENT ONLY!)
define( 'WP_HTTP_BLOCK_EXTERNAL', false );
add_filter( 'https_ssl_verify', '__return_false' );
add_filter( 'https_local_ssl_verify', '__return_false' );

Important Considerations for Localhost

• You Cannot Get a Valid SSL for Localhost IPs: As highlighted in the sample threads, Certificate Authorities (CA) like Let's Encrypt cannot issue valid certificates for IP addresses (e.g., 172.17.0.1) or for the hostname "localhost." This is a fundamental security policy. Automated SSL plugins will fail for this reason.
• Self-Signed Certificates Cause Problems: While you can create a self-signed certificate for your local site, external services like api.wordpress.org will not trust it, leading to the same cURL error 60. The solutions above are often necessary even if you have a self-signed certificate.

By understanding the root cause of the SSL verification problem, you can choose the safest and most effective method to get your local development back on track. For most users, manually installing plugins or updating the cacert.pem file are the recommended approaches.