cURL Error 60 w/ Joomla Toolbox Health Check and CF Origin Certs

I installed Joomla! Toolkit which runs a health check and indicated the following error on my domain which uses custom domain CF SSL and CF Origin SSL.

“Error in cURL request: Peer’s certificate issuer has been marked as not trusted by the user.”

Other domains that use Let’s Encrypt past the test as good.

I’m looking for confirmation this error was caused by the CF Origin self-signed cert which the local script was obviously pulling from to check. Reverting back to Let’s Encrypt resolved the issue.

If this is accurate, it would also explain the same error WordPress users are getting with the WorldPress Toolkit script.

Probably. The error message is a bit misleading as it leaves the impression the issuer has been actively marked as distrusted, which does not seem to be case. It simply is not part of a trusted certificate chain.

If you added Cloudflare’s root certificate to your system’s trusted certificates, the warning would most likely disappear.

I had everything properly installed for the CF Origin Root Cert, but from the backend, it says this which leads me to think I’m right.

Origin Certificates

Generate a free TLS certificate signed by Cloudflare to install on your origin server.

Origin Certificates are only valid for encryption between Cloudflare and your origin server.

The issue will be that whatever checks that certificate does not trust the root certificate. If you added it, it probably would do.