mkcert: WordPress health check error: curl: (60) SSL certificate problem: unable to get local issuer certificate

Is this a known issue with macOS Mojave (10.14.5)? I have problems with the site health check in WordPress 5.2.1, and with REST API and loopback requests.

curl https://local.website.com
curl: (60) SSL certificate problem: unable to get local issuer certificate

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 16 (1 by maintainers)

Most upvoted comments

Ok so there is a filter to deal with this issue. Since I have this issue only on my local dev env, I created a must-use plugin that checks if the environment is local and looks for certificate in the desired file.

if ( '127.0.0.1' === $_SERVER['REMOTE_ADDR'] ) {
	add_filter( 'http_request_args', function( $r, $url ) {
		$r['sslcertificates'] = '/<ABS-PATH-TO-YOUR-PEM>/cacert.pem';
		return $r;
	}, 10, 2);
}

@healdev I am running into the same situation, and found that there is a filter for updating the path. I have created a certificate for local use and point to it by calling the filter, which I put inside functions.php.

add_filter( 'http_request_args', 'modify_ca_cert_location', 10, 2 );
function modify_ca_cert_location( $r ) {
	$r['sslcertificates'] = WP_CONTENT_DIR . '/themes/wp-theme-name/ssl/ca-bundle.crt';
	return $r;
}

Thanks for the great research on this issue everyone. I made some of the solutions presented here into a dropin plugin: https://github.com/squarecandy/force-localhost-ca

The only hack I could find on my local dev environment is to manually edit /wp-includes/certificates/ca-bundle.crt and append the content of /Users/Username/Library/Application\ Support/mkcert/rootCA.pem to the end of the file. That solved the problem, I just need to find a long-term solution… maybe a must-use plugin that would check and edit the file automatically… or I’ll try to find a hook.
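An added example, not part of the thread and not mkcert's or WordPress's own code: a shell function that builds the combined bundle described in the comment above as a separate file instead of editing wp-includes in place, and adds the mkcert root only once. The file paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. File paths are passed as arguments;
# the ones in the usage comment at the bottom are assumptions.

# Print the base64 body of the first certificate in PEM file $1 on one line.
cert_body() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1; next }
         /-----END CERTIFICATE-----/   { exit }
         on { gsub(/[ \t\r]/, ""); printf "%s", $0 }' "$1"
}

# Succeed if the first certificate in $2 already appears in bundle $1.
# Comparing base64 bodies ignores comments and line wrapping.
bundle_has_cert() {
    want=$(cert_body "$2")
    awk -v want="$want" '
        /-----BEGIN CERTIFICATE-----/ { on = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { on = 0; if (body == want) found = 1; next }
        on { gsub(/[ \t\r]/, ""); body = body $0 }
        END { exit (found ? 0 : 1) }' "$1"
}

# build_dev_bundle WP_BUNDLE ROOT_CA OUT
# Writes OUT = WP_BUNDLE plus ROOT_CA (added once). WP_BUNDLE is only read,
# so a WordPress core update that replaces it cannot undo the change; rerun
# the function afterwards to pick up the refreshed public CA list.
build_dev_bundle() {
    wp_bundle=$1; root_ca=$2; out=$3
    [ -r "$wp_bundle" ] && [ -r "$root_ca" ] || { echo "unreadable input" >&2; return 1; }
    [ -n "$(cert_body "$root_ca")" ] || { echo "no certificate in $root_ca" >&2; return 1; }
    tmp="$out.tmp.$$"
    cat "$wp_bundle" > "$tmp" || return 1
    if ! bundle_has_cert "$wp_bundle" "$root_ca"; then
        { printf '\n# mkcert development root CA, local use only\n'
          cat "$root_ca"; } >> "$tmp" || return 1
    fi
    mv "$tmp" "$out"    # replace OUT in one step so readers never see half a file
}

# Usage (paths are assumptions; `mkcert -CAROOT` prints the CA directory):
#   build_dev_bundle /path/to/wordpress/wp-includes/certificates/ca-bundle.crt \
#       "$(mkcert -CAROOT)/rootCA.pem" /path/to/wordpress/wp-content/dev-ca-bundle.crt
#   curl --cacert /path/to/wordpress/wp-content/dev-ca-bundle.crt https://local.website.com
```

Point the `sslcertificates` value from the filters above at the output file only on the development machine, since whoever holds the mkcert root key can issue certificates this bundle will accept.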

maybe consider opening an issue with WordPress to use the system store, I don’t think there’s any good reason not to

For what it’s worth, there are very good reasons not to use the system cert store. One of them is that WordPress and ClassicPress run on a very wide variety of servers, which includes servers that unfortunately have not been updated in a long time. This would cause many legitimate requests to fail.

Yeah, WordPress is configuring curl to use a hardcoded CA list, so there’s not much mkcert can do.

* Successfully set certificate verify locations:
* CAfile: /share/curl/curl-ca-bundle.crt

Closing this as it’s not a mkcert issue, but thanks for providing a workaround, and maybe consider opening an issue with WordPress to use the system store, I don’t think there’s any good reason not to.