cURL error 60: SSL certificate problem: certificate has expired
If you're having this issue with "curl" (or similar) on a Ubuntu 16 system, here's how we fixed it:
On the Ubuntu 16 system hosting the curl / app that fails:
- nano /etc/ca-certificates.conf
- Remove the line (or comment) specifying AddTrust_External_Root.crt
- apt update && apt install ca-certificates
- update-ca-certificates -f -v
- Try curl again with the URL that was failing before - hopefully it works now :)
To fix the problem, remove the expired root certificate from your domain certificate.
- Go to https://whatsmychaincert.com
- Test Your Server
- If they confirm you you have an expired root certificate, download and use the .crt without this certificate.
For ubuntu 14.04
Open your terminal
sudo su
wget https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000rfBO -O SHA-2_Root_USERTrust_RSA_Certification_Authority.crt --no-check-certificate
cp SHA-2_Root_USERTrust_RSA_Certification_Authority.crt /usr/share/ca-certificates/mozilla/
Then
dpkg-reconfigure ca-certificates and uncheck mozilla/AddTrust_External_Root.crt and check mozilla/2_Root_USERTrust_RSA_Certification_Authority.crt
or run sudo update-ca-certificates for uncheck those.