Go through the plugins/extensions/whathaveyou for your favorite CMS/framework (especially eCommerce) and see which ones disable certificate validation for HTTPS requests.
paragonie.com/blog/2017/10/c…
- None of y'all use Certainty
- None of y'all are validating TLS certificates in your PHP apps
- Not even eCommerce plugins are doing this
- Certainty makes cacert.pem reliable; validate your fucking certs!