earlier today our app started getting a bunch of ssl expiration halts when trying to fetch shopify api routes. We narrowed it down to happening only from at least the data center our servers are in, but not from our local machines. From our servers terminals, we could curl request any other https url, but if we curl requested shopify’s api routes we would get an SSL expiration alert from curl. I tried chatting with shopify and they wrote it off saying they were not having any issues. I’m sure this will come up. So wanted to post it. We updated our app to ignore the SSL validation to get around the issue.
Topic summary
SSL/TLS certificate validation failures when calling Shopify API endpoints, primarily from certain data center servers, while local/Postman requests succeed. Errors reported include cURL error 60, CERT_HAS_EXPIRED, and a certificate validity “NOT BEFORE Jan 18, 2023,” indicating a recent certificate rotation.
Timeline and scope:
- Initial spike of failures; temporary workaround was disabling SSL validation on servers.
- Resolved for some by 1/20/23 evening, then recurred around 2/13 for others.
Likely cause:
- Shopify updated certificates for myshopify.com domains. Environments with outdated CA bundles or TLS stacks failed to trust the new chain.
Fixes confirmed by participants:
- Update CA certificate store (e.g., replace curl_cert.pem/cacert.pem with the latest Mozilla bundle) and restart applications.
- Upgrade runtimes and OS components: PHP 7.2 → 7.4, update OpenSSL/cURL, update Ubuntu (e.g., from 14.04 to newer), update Xcode toolchain.
- Verify certificate details via browser lock icon.
- Reference Shopify notice with guidance: https://community.shopify.com/c/shopify-apis-and-sdks/important-notice-certificate-update-on-myshopify-com-domains/td-p/1928332
Status:
- Not a Shopify outage per se; issues stem from outdated trust stores. Mostly resolved after updates; ongoing only where environments remain outdated.
2 Likes
We are seeing same issue
HTTP client error:<60>:<SSL peer certificate or SSH remote key was not OK>.
I’ve seen the same since yesterday. When connecting manually from Postman it works well but if connecting via API inside jobs gets error.
1 Like
Having the same issue. We are using https://github.com/Shopify/shopify-api-php
1 Like
Same problem here. Getting CERT_HAS_EXPIRED error when trying to use the Shopify API.
Same for us
Update 1/20/23 6:41pm ET. This has resolved for me.
1 Like
CERT validity NOT BEFORE Wed, 18 Jan 2023 19:23:03 GMT
They updated certificate for web site recently and it looks like update took effect after 48 hours appx or just fixed something.
Thank you Stephanie
This issue has recurred for me as of 2/13. How did you see when they updated the certificate?
1 Like
Same issue, did it resolve for you yet, 2/13/2023
Had to update PHP to a later version, was on 7.2 went to 7.4
You can open web site in common browser and check connection security (lock sign). There you can find certificate details.
Check Shopify notification: https://community.shopify.com/topic/1928332
I had to update certificate store on my application by downloading and rewriting updated curl_cert.pem from Mozilla (details in the link above). After restarting application issue was gone.
2 Likes
I had to update from Ubuntu 14.04(!) to install Lets Encrypt certificates.
I downloaded the cert from within the link you shared, found where the certs were located in my system, renamed the old one certs.old and renamed the new cacert.pem to cert.pem and it worked… until my XCode package was out of date. I’m updating that right now.