Bypass the WordPress Upgrade SSL Error
Users upgrading from an older version of WordPress such as 3.5.1 or earlier may encounter errors during the update process. Learn why this happens and what you can do to get your site successfully upgraded.
SSL Errors During the Update Process
If you are operating a WordPress site with a version of 3.5.1 or earlier, and you are trying to upgrade to a modern version, you have likely run into this error during the update process:
Download failed.: The SSL certificate for the host could not be verified.
Installation Failed
Why does this happen? Long story short, the problem is that the WordPress team included the CA certificate check in their 3.7.0 version, and you are using the 3.5.1 version or earlier. When attempting to update to a modern version, the CA certificate is not present, and the update fails.
So what can you do about it? I would describe the following as a bypass rather than a fix. You can instruct Wordpress to skip the SSL check during the update.
Via your hosting control panel or FTP, edit the wp-config.php file located in the root of your WordPress installation folder. Scroll all the way to the bottom and add the following lines:
add_filter('https_ssl_verify', '__return_false');
add_filter('https_local_ssl_verify', '__return_false');
Once saved, try your update again. It should complete successfully.
Remove this Bypass Following the Upgrade
Once you have completed the upgrade, remove the above from your wp-config.php file. You should not encounter this error again going forward. The CA certificate is there is keep your WordPress installation secure. By leaving the bypass in place following the upgrade, it leaves your system vulnerable to potential man in the middle attacks as explained in this SO post.
Did this bypass work for you? Please let me know by leaving a comment below. Good luck!