Troubleshooting: cURL error when using Cloudflare WARP / Zero Trust #977
Hey everyone, I was hoping someone can help me troubleshoot this. My company recently implemented Cloudflare's WARP / Zero Trust service, which works by installing an agent on each machine so Cloudflare can act as a man-in-the-middle for all traffic. After I installed the client, I had to select "Always Trust" in Keychain Access for the Cloudflare certificate it installed in order for any app and browsers to access the Internet without throwing errors.
That got apps and browsers working, but cURL requests from web applications running through Herd are still failing – in particular, any self update or attempted plugin installation from within WordPress fails with the following error:
Download failed.: cURL error 60: SSL certificate problem: unable to get local issuer certificate
It seems like cURL in the versions of PHP bundled with Herd does not use Keychain for checking certificates, so I went the route of working on Herd's PHP configs. I've attempted several things, including:
Anyone have any ideas? Am I missing something simple, am I just not changing the proper config file? I also discovered that Herd resets the |
Replies: 1 comment
I figured this out, so just posting a follow-up in case anyone else runs into this in the future. The issue had nothing to do with Herd – my config changes were working after additional testing against Herd's version of curl bundled with PHP.
The issue was that some functions in WordPress, like plugin downloading/updating, use its internal HTTP API/client, which maintains its own certificate authority list. You just need to append Cloudflare's certificate to the WP certificate bundle located at /wp-includes/certificates/ca-bundle.crt. I wrote a script to do this, so now I can easily do that with any new WordPress installation.
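The script mentioned in the reply is not shown on the page. As an added example (not the author's code), this is one way to append a CA certificate to the WordPress bundle idempotently in shell. It assumes the inspection CA has been exported as a single PEM file; the script name, the argument paths and the `.bak` backup are assumptions of the example.

```shell
#!/bin/sh
# Added example: append one PEM CA certificate to a WordPress install's CA bundle.
# Usage (both paths are your own): ./wp-add-ca.sh /path/to/inspection-ca.pem /path/to/wordpress

# Print every certificate in a PEM file as a single line of base64,
# so two copies compare equal regardless of line wrapping or CRLF endings.
pem_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
         /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
         inside { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# Returns 0 if the certificate is in the bundle afterwards, 2 on bad input.
append_ca_to_wp_bundle() {
    ca_file=$1
    wp_bundle="$2/wp-includes/certificates/ca-bundle.crt"

    [ -f "$ca_file" ]   || { echo "no such file: $ca_file" >&2; return 2; }
    [ -f "$wp_bundle" ] || { echo "no CA bundle at: $wp_bundle" >&2; return 2; }

    ca_body=$(pem_bodies "$ca_file")
    [ -n "$ca_body" ] || { echo "not a PEM certificate: $ca_file" >&2; return 2; }
    if [ "$(printf '%s\n' "$ca_body" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one certificate in $ca_file" >&2; return 2
    fi

    # Idempotent: skip if this exact certificate is already in the bundle.
    if pem_bodies "$wp_bundle" | grep -qxF -- "$ca_body"; then
        echo "already present in $wp_bundle"; return 0
    fi

    cp -p "$wp_bundle" "$wp_bundle.bak" || return 2   # keep the original
    {
        printf '\n# Added locally: TLS inspection root CA\n'
        awk '/-----BEGIN CERTIFICATE-----/, /-----END CERTIFICATE-----/' "$ca_file"
    } >> "$wp_bundle"
    echo "appended to $wp_bundle"
}

# Run only when called with the two arguments; sourcing defines the functions.
if [ "$#" -eq 2 ]; then
    append_ca_to_wp_bundle "$1" "$2"
fi
```

Check the certificate's fingerprint against the one your IT team publishes before appending it, since WordPress will then trust anything that CA signs. A core update can replace files under wp-includes, so re-run the script after updating.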