How do I fix "curl_exec: Peer’s Certificate issuer is not recognized… Hostname requested was: plugins.matomo.org" FAQ - Troubleshooting

This message appears if you use a firewall or a proxy server that breaks SSL connections and re-encrypts them afterwards with its own certificate. Matomo uses a cacert file extracted from the Firefox browser and is therefore unable to connect to any SSL encrypted page with your specific setup.

To solve this issue, you are able to provide your own cacert file that trusts your proxies certificate. To use your own file, follow these steps:

upload your cacert.pem file in a folder on your server such as /path/to/your/cacert.pem
add custom_cacert_pem = "/path/to/your/cacert.pem" to the [General] section of your config file config/config.ini.php.
Make sure the certification is readable by your webserver.

Next FAQ: When I use force_ssl=1, I get “Too many redirects”. Also when I use https, CSV/PDF reports and graphs don’t work.

Previous FAQ: What to do when you see curl: (60) SSL certificate problem: unable to get local issuer certificate error?

How do I fix “curl_exec: Peer’s Certificate issuer is not recognized… Hostname requested was: plugins.matomo.org”

Feedback on this page