Support » Fixing WordPress » Can't update WordPress – SSL certificate problem – error:14090086:S

  • Resolved webdevelopment

    (@webdevelopment)


    This also happens when I try to get a new plugin or theme.

    I can fix it by overwriting the default WordPress ca-bundle.crt with a different .crt file that my system admin supplied.

    This works to fix the problem, but I have a lot of new customers signing up to use WordPress and I can’t keep logging into copy over a file for each new customer.

    I also see this problem ALL OVER the support forums and no-one has yet suggested a fix. They just simply close the support ticket and move on like nothing happened.

    Why does copying a different crt file work to fix this problem??

    Can someone help me get to the bottom of this?

    Here’s the fix:

    first backup the default WordPress ca-bundle.crt file:

    cp /home/username/domains/domainname.org/public_html/wp-includes/certificates/ca-bundle.crt /home/username/domains/domainname.org/public_html/wp-includes/certificates/ca-bundle.crt.bak

    Then replace it with the crt file provided by my system admin.

    cp /root/cacert.pem /home/username/domains/domainname.org/public_html/wp-includes/certificates/ca-bundle.crt

    I haven’t installed SSL certificates in years so I don’t even remember what these crt files do, but it appears to be some kind of public/private key system.

    The biggest question is why the default WordPress ca-bundel.crt file is not working out of the box?

    Update WordPress

    Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /usr/home/username/domains/domainname.com/public_html/wp-admin/includes/update.php on line 115

    Downloading update from http://downloads.wordpress.org/release/wordpress-4.3.1-no-content.zip…

    Download failed.: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    Installation Failed

Viewing 15 replies - 1 through 15 (of 55 total)
  • I just noticed that I only have php 5.3.28…

    Do I “NEED” to upgrade to 5.6?

    Here’s the version of related things I have:

    # openssl
    OpenSSL> version
    OpenSSL 0.9.8e 23 Feb 2007
    OpenSSL> quit

    # curl –version
    curl 7.21.6 (i386-unknown-freebsd7.0) libcurl/7.21.6 OpenSSL/0.9.8e zlib/1.2.3
    Protocols: dict ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
    Features: IPv6 Largefile NTLM SSL libz

    # php –version
    PHP 5.3.28 (cli) (built: Jan 29 2014 12:37:35)
    Copyright (c) 1997-2013 The PHP Group
    Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
    with the ionCube PHP Loader v4.5.3, Copyright (c) 2002-2014, by ionCube Ltd.

    # mysql –version
    mysql Ver 14.14 Distrib 5.5.35, for FreeBSD7.0 (i386) using EditLine wrapper

    When is WordPress team going to update their certificate bundle to the latest version???

    Here it outlines that WordPress is at fault because they are using “outdated” ssl crt bundles:

    https://support.quadrahosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=215

    [ No bumping please. ]

    It’s a bug that will be fixed in WordPress 4.4:

    https://core.trac.wordpress.org/ticket/30434

    Oh that’s great!

    “The next update will contain a fix for the ‘unable to update’ problem”

    How are we supposed to install this update when current version cannot update – pretty stupid eh!?

    WPChina

    (@wordpresschina)

    Go to http://curl.haxx.se/ca/cacert.pem and save it as ca-bundle.crt

    Upload this file to: wp-includes/certificates/ca-bundle.crt

    Remember that any update WordPress does will overwrite this. So until WordPress fixes/updates themselves, you should manually do this yourself.

    I wish WordPress could send out a hotfix of some sort now to make this update. Updated certs is very important for security and communication between sites.

    THANK YOU, WPChina!
    This has solved the issue! WordPress 4.4 did not solve the issue…

    WPChina

    (@wordpresschina)

    I just installed 4.4 and I looked all over the the WP site for info, but I see no information that the old ca-bundle.crt was upgraded in 4.4. Can anybody see on the Trac or elsewhere where this may be a “in progress” security bug they are solving?

    Same issue here.

    With WP 4.4 I suddenly got the following error message on all of my 3 sites:

    Download failed.: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    Before update everything was ok. With 4.4. suddenly it broke.

    So, I followed WPChina’s advice (THANKS FOR THAT) and replaced the obviously broken certificate that WP distributes. And now it’s running fine again.

    Did some search on the web and seems to be an issue on many sites.

    WPChina

    (@wordpresschina)

    It is an issue on **many** sites. I alerted one of my managed VPS providers and they had many other clients complaining about this error.

    I am befuddled why this was not updated in 4.4.

    Good question… Have the impression that it is still not a high priority. Perhaps most people will relate it to the plugin provider and complain there.

    Let’s see whether something happens with the next release

    WPChina

    (@wordpresschina)

    I’ve bitten my tongue many, many, many times on things like this over the years. I’ve been a part of the WP community for almost 10 years. This issue falls under the security umbrella — anything dealing with the authentication and integrity of data traveling between sites should be handled asap. Updating core certs within wp-include is a high level issue, in my book. But anyway…

    Hello people, I had a similar issue until today.
    You can replace the current wp-includes/certificates/ca-bundle.crt with this one:
    https://raw.githubusercontent.com/bagder/ca-bundle/e9175fec5d0c4d42de24ed6d84a06d504d5e5a09/ca-bundle.crt
    Just overwrite the file bundled with WP and that’s all.

    You can read more here: https://core.trac.wordpress.org/ticket/34935

    Hope it helps.

    I just wanted to mention that this is a known issue that is being worked on: https://core.trac.wordpress.org/ticket/34935#comment:21 hopefully it will be fixed for 4.4.

    I just installed WordPress 4.4 and I still get this error.

    I will go to this support ticket and remind them that it’s not fixed.

    Dion Hulse

    (@dd32)

    Core Developer

    Hi @webdevelopment

    Your issues were never going to be fixed in 4.4, as the issue was completely unrelated to updating the bundled files.

    However, it’s not entirely obvious why using the bundle directly from curl fixed the error for you (As it contained the same certificates that WordPress 4.3 needed), I’d say it’s most likely related to your server using severely outdated components (which might I add, still work fine for a lot of WordPress users).

    I’ll shoot you an email directly for some extra information on your setup in a moment.

Viewing 15 replies - 1 through 15 (of 55 total)
  • The topic ‘Can't update WordPress – SSL certificate problem – error:14090086:S’ is closed to new replies.