Same issue, did it resolve for you yet, 2/13/2023
Topic summary
SSL/TLS certificate validation failures when calling Shopify API endpoints, primarily from certain data center servers, while local/Postman requests succeed. Errors reported include cURL error 60, CERT_HAS_EXPIRED, and a certificate validity “NOT BEFORE Jan 18, 2023,” indicating a recent certificate rotation.
Timeline and scope:
- Initial spike of failures; temporary workaround was disabling SSL validation on servers.
- Resolved for some by 1/20/23 evening, then recurred around 2/13 for others.
Likely cause:
- Shopify updated certificates for myshopify.com domains. Environments with outdated CA bundles or TLS stacks failed to trust the new chain.
Fixes confirmed by participants:
- Update CA certificate store (e.g., replace curl_cert.pem/cacert.pem with the latest Mozilla bundle) and restart applications.
- Upgrade runtimes and OS components: PHP 7.2 → 7.4, update OpenSSL/cURL, update Ubuntu (e.g., from 14.04 to newer), update Xcode toolchain.
- Verify certificate details via browser lock icon.
- Reference Shopify notice with guidance: https://community.shopify.com/c/shopify-apis-and-sdks/important-notice-certificate-update-on-myshopify-com-domains/td-p/1928332
Status:
- Not a Shopify outage per se; issues stem from outdated trust stores. Mostly resolved after updates; ongoing only where environments remain outdated.