Download failed.: cURL error 60: SSL certificate problem: unable to get local issuer certificate
Installation Failed
If you receive the above error when updating a stale installation of WordPress read on.
Every installation of WordPress comes with its own Certificate Authority (CA) file which gets refreshed automatically upon each version update. If you have not updated your installation of WordPress for a few years the certificates within have expired and therefore cURL will not be able to verify the integrity of the server you are connecting to and fail the download and update process.
Verifying the chain of trust is important to avoid pulling WordPress from the wrong source in the event that you may be exposed e.g. to a man in the middle (MITM), DNS hijacking, etc. scenario.
To resolve the issue we need to break out of this catch 22 situation where we need the latest version of WordPress to update to the latest version of WordPress… d’oh!
Some would simply download a fresh WordPress installation directly on the server, however it can be error prone risking your old installation’s data, plus the fact that the included updater runs its checks and updates both core files and database. So the quickest way is to simply overwrite the old certificates file at wp-includes/certificates/ca-bundle.crt with the latest one from WordPress’ development repository:
https://raw.githubusercontent.com/WordPress/WordPress/refs/heads/master/wp-includes/certificates/ca-bundle.crt
Once replaced cURL will no longer have any issues connecting to WordPress, retrieving the latest version and completing the update.