cURL error 60: SSL certificate problem: self signed certificate in certificate chain in WordPress

If you're developing locally using something like Valet and are trying to update WordPress, a plugin, or a theme, and see this error message, it could mean that something (like Netskope) is injecting their own SSL certificates into your request.
You can confirm whether that is your issue by going to wordpress.org and inspecting the SSL certificate in your browser. If you're using Brave (or Chrome) as your web browser, the steps are as follows:
- Click on the lock to the left of the URL
- Click on Connection is secure
- Click on Certificate is valid
- Look at who issued the certificate
It should look something like this:

But if you're seeing this:

Then this could very well be your problem.
Disable SSL verification
The easiest way to circumvent this problem is to disable SSL verification for local websites running on your machine.
Create a new file called disable-ssl-verification.php
in wp-content/mu-plugins
.
Then paste the following code into it:
<?php
/**
* Plugin Name: Disable SSL Verification
* Description: WordPress themes and plugin can't be updated when using a self-signed SSL certificate. This plugin disables SSL verification if the WordPress site is loaded using a <code>.test</code> domain.
* Version: 1.0.0
* Author: Ryan Sechrest
*/
if (!isset($_SERVER['SERVER_NAME'])) {
return;
}
if (!str_ends_with($_SERVER['SERVER_NAME'], '.test')) {
return;
}
add_filter('https_ssl_verify', '__return_false');
- We're checking to see if there is a
SERVER_NAME
set, e.g.example.org.test
- Then we're checking to see if the server name ends with
.test
- If both conditions are true, then we return
false
to thehttps_ssl_verify
WordPress filter to disable SSL verification
Now try to perform your update in WordPress again and it should work.
As an aside, if you're not familiar with mu-plugins
, it's similar to a plugin, but it doesn't have to be activated in the WordPress admin. mu-plugins
are always active if they exist. You can see them in the WordPress admin by going to Plugins and then filtering by Must-Use.
If you have any problems or need help tweaking this code snippet, leave a comment below.
Featured image by Mike Baumeister.