wordpress ssl curl ovh

WP - cURL call to an external API stopped working - cURL Error 60: SSL certificate problem: certificate has expired


I have created some 'basic' API calls using cURL on a WP website that have been working until last Friday.

Since then I receive this error message. Error n: 60, Error: SSL certificate problem: certificate has expired.

Now I just checked on https://www.ssllabs.com/ssltest/analyze.html?d=ombri-immo.lu (ombri-immo.lu is the domain of the website) and the certificate is still valid.

(To be thorough, I have two websites that call the same API and give back the same error.)

    $ch = curl_init();

    curl_setopt_array($ch, array(
      CURLOPT_URL => 'https://middleware-production.easy2pilot-v8.com/api/***/token',
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_ENCODING => '',
      CURLOPT_MAXREDIRS => 10,
      CURLOPT_TIMEOUT => 0,
      CURLOPT_FOLLOWLOCATION => true,
      // Written with a comma instead of =>, so this adds two plain array values
      // and does not set CURLOPT_SSL_VERIFYPEER; peer verification stays enabled.
      CURLOPT_SSL_VERIFYPEER, false,
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
      CURLOPT_CUSTOMREQUEST => 'GET',
      CURLOPT_POSTFIELDS =>'{
      "login": "**",
      "password": "**"
    }',
      CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json;charset=UTF-8'
      ),
    ));

    $response = curl_exec($ch);

    // curl_getinfo() returns an array, so format it before concatenating.
    echo 'GETINFO: ' . print_r(curl_getinfo($ch), true) . '<br/>';
    echo curl_errno($ch) . '<br/>';
    echo 'CURL ERROR: ' . curl_error($ch) . '<br/>';

    curl_close($ch);
    echo $response;

This is the code of the call. The credentials work properly since I tested them on Postman and everything is fine.

I have read many posts and most of them suggest touching things on the server side, which I have no access to and no knowledge of how it functions. I take for granted that it is the domain provider (OVH) that is taking care of that.

Also, I am not completely in charge of the project and know for a fact that WordPress is not up to date (hopefully this will happen tomorrow and will fix everything :) ), and I have also noticed that the curl version installed on the server is old (again, I have contacted the reseller and asked him to update that).

Does anybody have any suggestions on things to try or if for example the domain and server provider should be able to take care of this?

Thanks for taking the time to read the post.


Solution

  • The problem I can see is with your CA bundle, which is not correct on the ombri-immo.lu domain, so it must be updated.

    Certificate Chain: The certificate chain does NOT validate.

    This certificate was issued by the R3 CA bundle.

    You can confirm in ssllabs -> Certification Paths -> Select any Mozilla|Apple|Android|Java|Windows -> Path #2: Not trusted (invalid certificate [Fingerprint SHA256: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739]) -> 4 In trust store

    DST Root CA X3   Self-signed
    Fingerprint SHA256: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
    Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
    RSA 2048 bits (e 65537) / SHA1withRSA
    Valid until: Thu, 30 Sep 2021 14:01:15 UTC
    EXPIRED
    Weak or insecure signature, but no impact on root certificate
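
To check the CA bundle the answer points at from inside PHP, here is an added example (not code from the original post) that lists expired certificates, such as DST Root CA X3, in the bundle configured for PHP. It assumes PHP 7.1+ with the openssl extension and a single-file PEM bundle; libcurl may be built with a different default bundle, and `/path/to/cacert.pem` is a placeholder.

```php
<?php
// Return the CA bundle file PHP is configured to use, or null if none is readable.
function find_ca_bundle(): ?string {
    $candidates = [
        ini_get('curl.cainfo'),
        ini_get('openssl.cafile'),
        openssl_get_cert_locations()['default_cert_file'] ?? '',
    ];
    foreach ($candidates as $path) {
        if ($path && is_readable($path)) {
            return $path;
        }
    }
    return null;
}

// Return [subject name, expiry date] for every expired certificate in a PEM bundle.
function expired_in_bundle(string $pemBundle, ?int $now = null): array {
    $now = $now ?? time();
    $expired = [];
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pemBundle, $m);
    foreach ($m[0] as $pem) {
        $info = openssl_x509_parse($pem);
        if ($info === false) {
            continue; // skip entries OpenSSL cannot parse
        }
        if ($info['validTo_time_t'] < $now) {
            $name = $info['subject']['CN'] ?? $info['subject']['O'] ?? '(unnamed)';
            $expired[] = [$name, gmdate('Y-m-d', $info['validTo_time_t'])];
        }
    }
    return $expired;
}

$bundle = find_ca_bundle();
if ($bundle === null) {
    echo "No readable CA bundle file configured for PHP\n";
} else {
    echo "CA bundle: $bundle\n";
    foreach (expired_in_bundle(file_get_contents($bundle)) as [$name, $date]) {
        echo "EXPIRED: $name (valid until $date)\n";
    }
}

// Once an up-to-date bundle is installed, keep verification enabled and point
// cURL at it (placeholder path, not a path from the post):
// curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
// curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cacert.pem');
```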