Resolved: Your server may not be able to connect to sites running on it. Error message: SSL certificate problem: self signed certificate
So recently I ran across an error while performing a WordPress update. Usually after you perform an update, you are taken to a screen to individually update all your subsites (I am guessing to update the database schema they are running under). Not sure why this isn’t done at the get-go, but surely there is a reason for it. So the problem was that several subsites did update without much problem, but then one of them caused the process to stop and showed the following error:
Your server may not be able to connect to sites running on it. Error message: SSL certificate problem: self signed certificate
I am not certain what this error really means. All my subsites run under the same certificate so why some of them worked and this particular one didn’t is beyond me. We also use two reverse proxies to accelerate our web traffic, and our front end web certificate is signed by a CA of public trust. So it is truly a bizarre situation that didn’t happen before. Fortunately we were able to find a workaround to get the process completed.
Unfortunately I am not entirely sure what this workaround does. For that reason my suggestion is that you implement the workaround, perform the update on WordPress, and disable the workaround until you need it again. I suggest this as the implications of the workaround with WordPress as a whole are unknown to me, so this might cause a security risk or problem as it is modifying intended behavior. Please proceed with care as usual.
The key to getting this to work, as mentioned, lies in modifying WordPress behavior. To do so, we are going to rely on the feature called mu-plugins. This is code that is executed when using the multisite plugin / functionality, limiting the impact the code may have on other functionality. To achieve this, follow these simple steps:
- Navigate to the /wp-content/mu-plugins directory in your WordPress install.
- Create a PHP file; you can name it whatever you want. Take upgrade_fix.php, for example.
- Add the following inside the file and you’re done. Save it and retry the upgrade process.
<?php
// Workaround: turn off SSL certificate verification in WordPress HTTP requests.
add_filter( 'https_ssl_verify', '__return_false' );
add_filter( 'https_local_ssl_verify', '__return_false' );
As you can probably tell from it, we are adding filters to bypass SSL verifications. The reason why we chose a MU plugin was so that this change: a) Impacts only multisite functionality and b) Remains in place even after upgrades to WordPress files.
If you look at the /wp-admin/network/upgrade.php file, you’ll see something like the following around line 68. You need to indicate you don’t want to perform an SSL verification to avoid getting this error message. Keep in mind the implications of changing this.
$response = wp_remote_get( $upgrade_url, array( 'timeout' => 120, 'httpversion' => '1.1', 'sslverify' => false ) );
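A narrower alternative to the two filters above, as an added example that is not part of the original post: `https_ssl_verify` is applied to every HTTPS request WordPress sends through its HTTP API, while this mu-plugin keeps verification on and trusts one internal certificate only for the network upgrade requests. The bundle path, the host list and the function name are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Placeholders are marked.

// Assumption: PEM file containing the self-signed certificate (or internal CA)
// that the web server presents when WordPress connects to itself.
const UPGRADE_FIX_CA_BUNDLE = '/path/to/internal-ca-bundle.pem';

// Assumption: hostnames of the sites in this network (constructed values).
const UPGRADE_FIX_HOSTS = array( 'example.test', 'sub1.example.test' );

add_filter( 'http_request_args', 'upgrade_fix_trust_internal_cert', 10, 2 );

/**
 * Keep TLS verification enabled, but verify the network upgrade request
 * against the internal bundle instead of WordPress's bundled public CAs.
 */
function upgrade_fix_trust_internal_cert( $args, $url ) {
	$parts = wp_parse_url( $url );
	if ( ! is_array( $parts ) || empty( $parts['scheme'] ) || empty( $parts['host'] ) || empty( $parts['path'] ) ) {
		return $args;
	}

	$suffix      = '/wp-admin/upgrade.php';
	$is_https    = ( 'https' === strtolower( $parts['scheme'] ) );
	$is_own_host = in_array( strtolower( $parts['host'] ), UPGRADE_FIX_HOSTS, true );
	$is_upgrade  = ( substr( $parts['path'], -strlen( $suffix ) ) === $suffix );

	// Any other outgoing request (updates, plugin APIs, ...) keeps the defaults.
	if ( ! $is_https || ! $is_own_host || ! $is_upgrade ) {
		return $args;
	}

	// If the bundle is missing, change nothing rather than weaken the check.
	if ( ! is_readable( UPGRADE_FIX_CA_BUNDLE ) ) {
		return $args;
	}

	$args['sslverify']       = true;                  // verification stays on
	$args['sslcertificates'] = UPGRADE_FIX_CA_BUNDLE; // trust only this bundle
	return $args;
}
```

This file is meant to replace the two `__return_false` filters rather than sit beside them: if both are loaded, those filters still switch verification off.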
The solution probably lies in using a valid public trust certificate for your site. If you can’t afford one, get a test one. If not, you are going to need to execute the upgrade against a non-SSL site, which may carry security implications. So, if for some reason you can’t or don’t want to get a public trust certificate, then go ahead and use the workaround. Best of luck!