While I first thought ShairTunes2 LMS plugin might have played a role, my understanding now is that Php comes with its own version of openSSL.
Stack Overflow reveals that the error in many cases is triggered by a missing certificate.
While trying to download the recommended certificate I encountered something strange:
$ wget https://curl.haxx.se/ca/cacert.pem --2019-07-15 22:35:35-- https://curl.haxx.se/ca/cacert.pem Resolving curl.haxx.se (curl.haxx.se)... 18.104.22.168, 22.214.171.124, 126.96.36.199, ... Connecting to curl.haxx.se (curl.haxx.se)|188.8.131.52|:443... connected. ERROR: The certificate of ‘curl.haxx.se’ is not trusted. ERROR: The certificate of ‘curl.haxx.se’ hasn't got a known issuer.
Turns out, the certificate store (here /etc/ssl/certs) was empty.
Luckily on Debian the solution is trivial:
sudo apt-get install ca-certificates
I can’t exclude the possibility that something else cleared the certificate store (couldn’t say what did), however, I strongly suggest to check your upgrade scripts.