After installing an update to WordPress I routinely see the following error when trying to use the “Update Network” function of my multisite installation:
Warning! Problem updating https://example.com/oneofmyMUsites. Your server may not be able to connect to sites running on it. Error message: SSL certificate problem: unable to get local issuer certificate
I run WordPress on an IIS server with correctly configured SSL certificates. Of course, PHP does not use the built-in Windows certificate store for validating Certificate Authorities. It instead maintains a separate bundle of CA certs in [wordpress install dir]\wp-includes\certificates\ca-bundle.crt. If you have a CA that is one one of the ones in that built-in bundle, you will encounter errors. You need to add you CA’s certificate to the bundle, which is unfortunately not a straightforward process.
- Open the Windows Certificates Manager
- Export your Root CA cert to a “Base-64 encoded X.509 (.CER)” format file
- Open that certificate in any text editor (notepad is fine) and copy the entire contents to your clipboard
- Open the previously-mentioned ca-bundle.crt file with an editor that understand linux-style line endings (Wordpad (be careful when saving), Notepad++, gVIM, etc). Notepad.exe will not work
- Paste the contents of the exported certificate to the bottom of the ca-bundle.crt file and save
- Run “Upgrade Network” again and watch as it works!
Keep in mind that you will have to re-apply this fix every time you update WordPress as the ca-bundle.crt file is overwritten during the upgrade process.