Hi,
Our development teams have updated our security certificates in our Live environment.
You can access our site (https://t.co/5lQwoXMCGP) in a browser and pull the latest root certificate down for this.

Apologies for any disruption this may have caused.

— Opayo Support (@OpayoSupport) March 24, 2021

We had a Craft/Craft Commerce store that started throwing a warning yesterday:

ERROR! [CURL] 60: SSL CERTIFICATE PROBLEM: SELF SIGNED CERTIFICATE IN CERTIFICATE CHAIN [URL] HTTPS://LIVE.SAGEPAY.COM/GATEWAY/SERVICE/VSPSERVER-REGISTER.VSP

It turned out after much panicing that Sagepay had updated their SSL, and our implementation of Sagepay (using Omnipay/Guzzle) had a cached root certificate file which was failing validation.

We simply searched for the cacert.pem files (ours were located vendor/guzzle/guzzle/src/Guzzle/Http/Resources/cacert.pem) and removed them. When browsing again, this re-cached the root certificates which resolved.