SSL certificate problem: certificate has expired


A lot of websites are using a global certificate, which expired on September 30, 2021. This creates an issue when you are trying to connect to our API.

The problem is not connected to us or our server in any way. It's connected to the certificate of your own server, and it can only be solved by your host!

Check the error

Go to our Help center and, under Possible Conflicts, press the Test connection button. Your page will be refreshed with an error log inside the Debug information part. That log will contain an error similar to this:

* SSL certificate problem: certificate has expired
or:
* SSL certificate problem: unable to get local issuer certificate

What's the cause of the error?

The cause of the problem is that the root SSL certificate of the server expired on September 30, 2021. This certificate is used to communicate between two websites, and this communication can only happen via https. The communication between two servers uses a different certificate than the communication between the browser and the website.

So even if you have a valid certificate for the SSL connection between your site and the browser, you can still have another, expired certificate on the server that's used when your site communicates with other websites. If you receive the "60 SSL certificate problem: certificate has expired" error, that means the server's root certificate has expired, and the host needs to update it.

Send your host this Let’s Encrypt article that explains the problem in detail: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ and tell them it's impacting you as well.

What's the solution?

⚠️ Warning: Server related problems need to be solved by the host. We're unable to provide support for server management.

The only solution to this problem is to get your host to update the root certificate on your server.

So, you need to contact your server host and ask them to insert a new cacert.pem file into their servers, and configure it within their php.ini file. That way your website won't use the globally accessible certificate anymore, but it will have its own.

Solution examples

Here are a few examples of how to solve the problem on certain servers. You can send these instructions to your host, who should be able to understand them and apply them to your server. Depending on the server used, some steps might be different.

⚠️ Warning: Server related problems need to be solved by the host. We're unable to provide support for server management.

Solution on WampServer

1. Download this cacert.pem file.
2. Place this file into your PHP folder. For example, if you are using php7.4.9, put the file here: C:\wamp64\bin\php\php7.4.9
3. Open the php.ini file of the server (left click on the Wamp icon → PHP → php.ini).
4. Find this line: ;curl.cainfo
5. Change it to where your cacert.pem file is: curl.cainfo = "C:\wamp64\bin\php\php7.4.9\cacert.pem"
6. Make sure you remove the ; sign at the beginning of the line!
7. Save the php.ini file.
8. Restart Wamp, and the problem should be fixed!

Solution on MAMP - Mac localhost server

1. Download this cacert.pem file.
2. Replace your MAMP server's file with it: /Applications/MAMP/Library/OpenSSL/certs/cacert.pem
3. Restart MAMP, and the problem should be fixed!

Solution on Windows server

1. Download this cacert.pem file.
2. Place this file into your PHP folder. For example, if you are using php7.0 and your server was installed in the Program Files (x86) folder, put the file here: C:\Program Files (x86)\PHP\v7.0\
3. Open the php.ini file of the server.
4. Find this line: ;curl.cainfo
5. Change it to where your cacert.pem file is: curl.cainfo = "C:\Program Files (x86)\PHP\v7.0\cacert.pem"
6. Make sure you remove the ; sign at the beginning of the line!
7. Save the php.ini file.
8. Restart your server with iisreset /restart, and the problem should be fixed!

Error only displays during update

☝️ Note: The certificate update was shipped in many WordPress updates released on November 10, 2021, and it's also part of the 5.9 release. So if you use a newer version than those, you already have the updated file.

This issue is connected to a certain OpenSSL version and a WordPress certificate problem. You can learn more about it here. To solve this problem, update your wp-includes/certificates/ca-bundle.crt file with the content you can find here: https://github.com/WordPress/WordPress/blob/master/wp-includes/certificates/ca-bundle.crt

Tips based on user feedback

openssl.cafile

One person with a CentOS server also had to change the openssl.cafile value in his php.ini file to point to the new cacert.pem file:

openssl.cafile = "C:\wamp64\bin\php\php7.4.9\cacert.pem"
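
To confirm that the curl.cainfo and openssl.cafile changes described above took effect, the host can run a short check like the one below. It is an added example, not part of the original article: it prints the CA bundle each setting points to and lists any expired certificates in that file. The script name check_ca_bundle.php and the helper expired_certs() are hypothetical, and it assumes PHP's openssl extension is enabled.

```php
<?php
// Added example (not from the original article): show which CA bundle PHP is
// configured to use and list any expired certificates inside it.
// Assumption: saved as check_ca_bundle.php (hypothetical name) and run on the
// affected server with the openssl extension enabled.

// Return "subject (expired YYYY-MM-DD)" for every expired certificate in a PEM bundle.
function expired_certs(string $pem, int $now): array
{
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    $expired = [];
    foreach ($m[0] as $block) {
        $info = openssl_x509_parse($block);
        if ($info !== false && $info['validTo_time_t'] < $now) {
            $expired[] = $info['name'] . ' (expired ' . gmdate('Y-m-d', $info['validTo_time_t']) . ')';
        }
    }
    return $expired;
}

// The CLI and the web server can load different php.ini files, so print which one is active.
echo 'Loaded php.ini: ', php_ini_loaded_file() ?: '(none)', PHP_EOL;

foreach (['curl.cainfo', 'openssl.cafile'] as $key) {
    $path = ini_get($key);
    if ($path === false || $path === '') {
        // Empty usually means the line is missing or still commented out with ";".
        echo "$key: not set", PHP_EOL;
        continue;
    }
    if (!is_readable($path)) {
        echo "$key: $path (file missing or not readable)", PHP_EOL;
        continue;
    }
    $expired = expired_certs(file_get_contents($path), time());
    echo "$key: $path, ", count($expired), ' expired certificate(s)', PHP_EOL;
    foreach ($expired as $line) {
        echo "  - $line", PHP_EOL;
    }
}
```

If a setting shows as "not set" after editing php.ini, check that the ; was removed and that the server was restarted. If the loaded php.ini path is not the file that was edited, the change went into the wrong file.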
