The CM API's demand TLS and no longer support SSLv3 and lower. And in some situations cURL in PHP is not able to auto-detect the correct cryptographic protocol. Adding the following rule to the curl_setopt_array manually fixes the protocol to TLSv1:
CURLOPT_SSLVERSION => 1