curl: (60) SSL certificate problem: self signed certificate
curl: (60) SSL certificate problem: self signed certificate
DodaTech
2 min read
The error “curl: (60) SSL certificate problem: self signed certificate” means the server presented a self-signed certificate that is not trusted by any CA in the client’s store.
What It Means
A self-signed certificate is a certificate signed by its own private key rather than by a recognized Certificate Authority (CA). curl, by default, requires certificates to chain up to a trusted CA. A self-signed certificate fails this validation because it is not in the system’s trust store.
Why It Happens
- You are testing a local development server that uses a self-signed certificate.
- An internal tool generates its own self-signed certificate on first run.
- The certificate was created with
openssl req -x509 -newkey rsa:4096 ...but never added to the trust store. - The application does not ship with a custom CA bundle for its self-signed cert.
- A proxy or load balancer terminates TLS with a self-signed certificate.
How to Fix It
1. Skip certificate verification (development only)
curl -k https://localhost:80802. Add the self-signed certificate to the system trust store
sudo cp server.crt /usr/local/share/ca-certificates/server.crt
sudo update-ca-certificates3. Use curl with a custom CA file
curl --cacert /path/to/server.crt https://localhost:80804. Create a proper CA-signed certificate with Let’s Encrypt
sudo apt install certbot
sudo certbot certonly --standalone -d example.com5. For Docker development, mount the certificate
docker run -v /path/to/server.crt:/usr/local/share/ca-certificates/server.crt ...FAQ
Previous
command not found
Next
curl: (7) Failed to connect to localhost port 80: Connection refused
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro