How to fix cURL error 60 (CURLE_PEER_FAILED_VERIFICATION) on a calendar subscription
This means your calendar client could not verify the SSL certificate of the server hosting the .ics file, so it refused the connection for safety. It is a certificate or clock problem, not a calendar problem. Jump to your situation below or work through the methods in order.
By Neeraj Singh ~7 min Updated Jun 2026 91% found this helpful
Error message
cURL error 60: CURLE_PEER_FAILED_VERIFICATION. SSL certificate problem, the server's certificate could not be verified.
Summary
cURL error 60 (CURLE_PEER_FAILED_VERIFICATION) is raised when a calendar client subscribes to a webcal or HTTPS .ics URL and cannot verify the server's SSL certificate, so it stops the connection to protect you. The content of the calendar is irrelevant here, the problem is trust. Common causes are a self-signed or otherwise untrusted certificate on the server, an expired certificate, a missing intermediate certificate in the chain, an out-of-date CA bundle or operating system on the client, a wrong clock on the device that makes a valid certificate look expired, or a TLS-intercepting proxy or antivirus sitting in the path. The fix is to confirm the certificate is valid and trusted by opening the HTTPS URL in a browser, correct the device clock, repair the certificate chain on the server, update the client's trust store, and account for any intercepting proxy. Disabling verification is not a real fix and is unsafe on anything important.
What this error means
When a client connects over HTTPS, it checks the server's certificate against a trusted authority, the certificate's validity dates, and that it covers the hostname. cURL error 60 means one of those checks failed: the certificate could not be verified, so the client refuses to continue rather than trust an unproven server.
This is a security feature working as intended, so the goal is to make the certificate genuinely trustworthy, not to switch the check off. The fault is almost always on the server (an untrusted, expired or incomplete certificate) or on the client (an old trust store or a wrong clock), and occasionally a proxy intercepting the connection.
Common causes
The server uses a self-signed or untrusted certificate.
The certificate has expired.
An intermediate certificate is missing from the server's chain.
The client's CA bundle or operating system is out of date.
The device clock is wrong, so the certificate looks expired or not yet valid.
A TLS-intercepting proxy or antivirus is breaking the chain.
The URL hostname does not match the certificate.
Expert insight
“Error 60 is the client refusing to trust the server, and the instinct to just turn off verification is exactly the wrong move, especially for anything that matters. I start in a browser: open the HTTPS version of the calendar URL and the browser tells me plainly whether the certificate is expired, untrusted or missing its chain. Half the time the real culprit is the device clock, a wrong date makes a perfectly good certificate look expired. Fix the clock, fix the chain on the server, update the trust store, and the subscription connects properly and safely.”
Manager, Tech Support & Operations · 19+ years fixing Windows and system errors
✓ How to fix it
Method 1
Check the certificate in a browser
1Open the HTTPS version of the calendar URL in a web browser (swap webcal:// for https://).
2The browser shows whether the certificate is expired, untrusted or missing its chain.
3That tells you whether the fault is the certificate, the clock or the client.
Method 2
Fix the device date and time
1A wrong clock is a very common cause, it makes a valid certificate look expired or not yet valid.
2Set the device to automatic date and time and the correct time zone.
3Then retry the subscription.
Method 3
Fix the server certificate chain
1If the certificate is self-signed or missing an intermediate, fix it on the server side.
2Install the full chain including the intermediate certificate, or replace a self-signed certificate with one from a trusted authority (a free option like Let's Encrypt works).
3Re-test the HTTPS URL in a browser after the change.
Method 4
Update the client trust store
1An out-of-date CA bundle or operating system may not trust newer authorities.
2Update the operating system and the calendar app so the trust store is current.
3On a server or script, update the CA certificate bundle.
Method 5
Account for a proxy or antivirus
1A TLS-intercepting proxy or antivirus replaces the server certificate with its own, which the client may not trust.
2Add the calendar host as an exception, or install the proxy's root certificate into the trust store.
3On a managed network, ask IT about HTTPS inspection.
Method 6
Confirm the hostname matches
1Make sure the URL uses the hostname the certificate was issued for, not an IP address or an alias.
2A hostname mismatch fails verification even with a valid certificate.
3Use the exact canonical URL the provider gives you.
Error 60 is the client protecting you from an unverified server, so do not disable certificate verification as a fix, especially on anything important. Diagnose it in a browser, then fix the real cause: usually a wrong device clock, an incomplete certificate chain on the server, or an out-of-date trust store on the client.
Frequently asked questions
What does cURL error 60 mean?
CURLE_PEER_FAILED_VERIFICATION means your calendar client could not verify the server's SSL certificate, so it refused the connection for security. It is a trust problem, not a calendar problem.
Why can't my client verify the certificate?
Usually the certificate is self-signed, expired or missing its intermediate chain, or the client's trust store is out of date, or the device clock is wrong so the certificate looks invalid.
Should I just disable SSL verification?
No, especially for anything important. That removes the protection the check provides. Fix the certificate, the chain, the clock or the trust store instead.
How does the device clock cause this?
Certificates are only valid between two dates. If the device clock is wrong, a perfectly good certificate can look expired or not yet valid, triggering error 60. Set the clock automatically.
How do I check the certificate?
Open the HTTPS version of the calendar URL in a browser. It shows whether the certificate is expired, untrusted or missing its chain, which points you at the fix.
It is my own server, how do I fix the chain?
Install the full certificate chain including the intermediate, or use a certificate from a trusted authority such as a free Let's Encrypt certificate, then re-test in a browser.
Still not working?
If the certificate looks valid in a browser but the calendar client still fails, the client may bundle its own trust store that the browser does not use, so update or reinstall the app. On a managed device, a corporate HTTPS-inspection proxy is often the cause, and IT needs to allow the calendar host. You can also submit your error to us for a tailored fix.
