While I first thought ShairTunes2 LMS plugin might have played a role, my understanding now is that Php comes with its own version of openSSL.
Stack Overflow reveals that the error in many cases is triggered by a missing certificate.
While trying to download the recommended certificate I encountered something strange:
$ wget https://curl.haxx.se/ca/cacert.pem --2019-07-15 22:35:35-- https://curl.haxx.se/ca/cacert.pem Resolving curl.haxx.se (curl.haxx.se)... 126.96.36.199, 188.8.131.52, 184.108.40.206, ... Connecting to curl.haxx.se (curl.haxx.se)|220.127.116.11|:443... connected. ERROR: The certificate of ‘curl.haxx.se’ is not trusted. ERROR: The certificate of ‘curl.haxx.se’ hasn't got a known issuer.
Turns out, the certificate store (here /etc/ssl/certs) was empty.
Luckily on Debian the solution is trivial:
sudo apt-get install ca-certificates
I can’t exclude the possibility that something else cleared the certificate store (couldn’t say what did), however, I strongly suggest to check your upgrade scripts.