Can't update WordPress – SSL certificate problem – error:14090086:S

I know that will need to be done when Cent OS 5 is EOL in 2017, but until then or I find some spare money for hosting. I am stuck and so are millions of other users with this problem.

I agree with you. I am seeing lots of chatter the past few weeks on Chinese tech boards complaining about these issues. The impact goes way beyond I think what WordPress thinks it goes, because many, many WP admins and users *do not* use this English-language — or even the Chinese-language WP boards — for discussions and help.

But yes, the cure is to update servers, which is something we’ve been doing the past month anyway. It’s a pain for medium and small WP admins, let alone large ones. Byebye CentOS 5.x and hello CloudLinux ??

James, I am with Hostgator and have a dedicated server. Their policy along with the majority of other hosting companies is: If I chose to have the OS updated, the only safe way to do it is cancel the existing server & provision a new one and transfer all accounts over.
That costs me money with the cost of an additional server for 1 month
If I wait till CentOS 5 is EOL, they will upgrade me free of charge,

Ouch, doubly unfortunate. To be honest, this is the first time I’ve heard that process as a *requirement* for a dedicated server. Normally you’d just update the OS yourself during a low-traffic hour, since you’re supposed to have full control with a dedicated server, while of course also having the option to do it as a server move instead.

I guess they have to make money somewhere. ˉ\_(ツ)_/ˉ

Ok, so my suggestion of updating openssl is definitely not a possibility for you. I see Dion is involved in this thread, so he’ll probably have some other recommendations after investigating for a bit.

NO it is impossible to update cent os 5 to 6 or 7 safely
Cent OS themselves say the only way is to provision a new server & transfer accounts over.

Some hosts have updated servers but they introduced unfortunate effects and bugs https://wiki.centos.org/HowTos/MigrationGuide/MigratingFiveToSix

Ah, good to know, been quite a while since I’ve had to deal with CentOS. ??

Yep, unfortunately RHEL5 and it’s derivatives never got an updated version of OpenSSL to fix a huge range of issues, although continued to receive Security updates.

SSL with OpenSSL 0.9.8e is almost impossible now-days, as 0.9.8f was the first version to support SNI (Which allows multiple hostnames per IP address). It usually only works by fluke.

As far as I was aware, WordPress’s ca-bundle however works with 0.9.8e, if that’s not the case, then we can look into it, however, the only difference between what we ship and what curl ships is that we’re not removing the 1024bit certificates anymore and we’ve moved a certificate so that it’s compatible with an OpenSSL version popular with PHP 5.2.

Since upgrading my site to 4.4.1 I am unable to update any of my plugins, and I am getting the following error on my WordPress Dashboard: RSS Error: WP HTTP Error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I have re-installed WordPress (excluding the wp_contents directory).

My web host is Claranet. The server is running PHP v5.5. SSL is not enabled – is this the issue?

I’ve got the same problem after wp4.4.1. I can’t update any of the installed plugins or themes. It’s really annoying.

El3na3 try the fix in my last post

Thank you dvk01uk for your reply to me.My problem is now fixed. In fact, the server was still running PHP 5.2, and by upgrading to 5.5 it solved the problem. I hadn’t left it long enough after applying the 5.5 update to let the server refresh. Claranet also confirmed that several users of theirs had had the same issue. After talking to Claranet, I also discovered that SSL is enabled globally across their servers.

As said by “dvk01uk”:
“The 4.4.1 update caused the problem on my server.
The first time I ever had this problem was with 4.4.
I replaced the certificate bundle and everything worked.
4.4.1 update and I needed to manually replace the bundle again on the server.“

Exactly my experience today.
One, and only one, out of 25+ sites Im runningt, have this issue.
I have other sites on the same server, and they perform perfect…

Same here: 11 WP 4.1.1-Sites on a customers server – All complaining about “SSL certificate problem: unable to get local issuer certificate”.

Works after overwriting wp-includes/certificates/ca-bundle.crt with version mentioned in https://myonlinesecurity.co.uk/wordpress-4-4-update-breaks-itself-with-ssl-certificate-problem-unable-to-get-local-issuer-certificate/

But that’s no durable solution since that file gets overwritten during every WP Update.

Btw: the server has open ssl 0.9.8e – so the e version isn’t a solution either.

br from Salzburg, Austria

I have tried twice replacing the crt with the one suggested above, but am still receiving the same error message.

Does anyone have a suggestion as to what I should check or change next? I do have access to CPanel but not a good understanding of it.

By the way, since it was asked above, I’m on 4.4.1 and I still have this problem.

Hi,
I’ve just updated wp to 4.4.2 but this hasn’t solved the problem. I’m still getting the same error notice. I hoped wordpress would find a solution to the issue but unfortunaly it hasn’t been done.
I’ll keep on upgrading all the plugins manually but it’s a real nuisance.
Will it ever be fixed?

I have freshly installed WordPress 4.4.2 on a server running PHP 5.6.13 and OpenSSL/0.9.8e, and I encountered the SSL certificate problem.

Replacing the default ca-bundle.crt (temporarily) fixed the issue for me. This works with both https://curl.haxx.se/ca/cacert.pem and https://raw.githubusercontent.com/bagder/ca-bundle/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt.