IPN listener suddenly stopped working

Question

My paypal IPN listener was working for over a year now, today it suddenly stopped working with the error

cURL error: [60] SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

My curl setup is

protected function curlPost($encoded_data) {
    if ($this->use_ssl) {
        $uri = 'https://'.$this->getPaypalHost().'/cgi-bin/webscr';
        $this->post_uri = $uri;
    } else {
        $uri = 'http://'.$this->getPaypalHost().'/cgi-bin/webscr';
        $this->post_uri = $uri;
    }

    $ch = curl_init();

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_CAINFO, 
                dirname(__FILE__)."/cert/api_cert_chain.crt");
    curl_setopt($ch, CURLOPT_URL, $uri);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded_data);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $this->follow_location);
    curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);


    $this->response = curl_exec($ch);
    $this->response_status = strval(curl_getinfo($ch, CURLINFO_HTTP_CODE));

    if ($this->response === false || $this->response_status == '0') {
        $errno = curl_errno($ch);
        $errstr = curl_error($ch);
        throw new Exception("cURL error: [$errno] $errstr");
    }
}

I tried using the newest cert from http://curl.haxx.se/ca/cacert.pem as api_cert_chain.crt as suggested in many answers related to this but it didn't change anything.

What could be the cause of this?

Answer 1

Adding curl_setopt($ch, CURLOPT_SSLVERSION, 4); fixed the issue.