Can't update WordPress – SSL certificate problem – error:14090086:S

I just noticed that I only have php 5.3.28…

Do I “NEED” to upgrade to 5.6?

Here’s the version of related things I have:

# openssl
OpenSSL> version
OpenSSL 0.9.8e 23 Feb 2007
OpenSSL> quit

# curl –version
curl 7.21.6 (i386-unknown-freebsd7.0) libcurl/7.21.6 OpenSSL/0.9.8e zlib/1.2.3
Protocols: dict ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM SSL libz

# php –version
PHP 5.3.28 (cli) (built: Jan 29 2014 12:37:35)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
with the ionCube PHP Loader v4.5.3, Copyright (c) 2002-2014, by ionCube Ltd.

# mysql –version
mysql Ver 14.14 Distrib 5.5.35, for FreeBSD7.0 (i386) using EditLine wrapper

When is WordPress team going to update their certificate bundle to the latest version???

Here it outlines that WordPress is at fault because they are using “outdated” ssl crt bundles:

https://support.quadrahosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=215

[ No bumping please. ]

It’s a bug that will be fixed in WordPress 4.4:

https://core.trac.www.ads-software.com/ticket/30434

Oh that’s great!

“The next update will contain a fix for the ‘unable to update’ problem”

How are we supposed to install this update when current version cannot update – pretty stupid eh!?

Go to https://curl.haxx.se/ca/cacert.pem and save it as ca-bundle.crt

Upload this file to: wp-includes/certificates/ca-bundle.crt

Remember that any update WordPress does will overwrite this. So until WordPress fixes/updates themselves, you should manually do this yourself.

I wish WordPress could send out a hotfix of some sort now to make this update. Updated certs is very important for security and communication between sites.

THANK YOU, WPChina!
This has solved the issue! WordPress 4.4 did not solve the issue…

I just installed 4.4 and I looked all over the the WP site for info, but I see no information that the old ca-bundle.crt was upgraded in 4.4. Can anybody see on the Trac or elsewhere where this may be a “in progress” security bug they are solving?

Same issue here.

With WP 4.4 I suddenly got the following error message on all of my 3 sites:

Download failed.: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Before update everything was ok. With 4.4. suddenly it broke.

So, I followed WPChina’s advice (THANKS FOR THAT) and replaced the obviously broken certificate that WP distributes. And now it’s running fine again.

Did some search on the web and seems to be an issue on many sites.

It is an issue on **many** sites. I alerted one of my managed VPS providers and they had many other clients complaining about this error.

I am befuddled why this was not updated in 4.4.

Good question… Have the impression that it is still not a high priority. Perhaps most people will relate it to the plugin provider and complain there.

Let’s see whether something happens with the next release

I’ve bitten my tongue many, many, many times on things like this over the years. I’ve been a part of the WP community for almost 10 years. This issue falls under the security umbrella — anything dealing with the authentication and integrity of data traveling between sites should be handled asap. Updating core certs within wp-include is a high level issue, in my book. But anyway…

Hello people, I had a similar issue until today.
You can replace the current wp-includes/certificates/ca-bundle.crt with this one:
https://raw.githubusercontent.com/bagder/ca-bundle/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt
Just overwrite the file bundled with WP and that’s all.

You can read more here: https://core.trac.www.ads-software.com/ticket/34935

Hope it helps.

I just wanted to mention that this is a known issue that is being worked on: https://core.trac.www.ads-software.com/ticket/34935#comment:21 hopefully it will be fixed for 4.4.

I just installed WordPress 4.4 and I still get this error.

I will go to this support ticket and remind them that it’s not fixed.

Hi @webdevelopment

Your issues were never going to be fixed in 4.4, as the issue was completely unrelated to updating the bundled files.

However, it’s not entirely obvious why using the bundle directly from curl fixed the error for you (As it contained the same certificates that WordPress 4.3 needed), I’d say it’s most likely related to your server using severely outdated components (which might I add, still work fine for a lot of WordPress users).

I’ll shoot you an email directly for some extra information on your setup in a moment.