If you’re not using a reverse proxy, but are using HTTPS with a web server that doesn’t set the HTTPS environment variable, you can either set assume_secure_protocol=1 or reconfigure your web server so that it sets the variable.
For example, lighttpd should be configured with setenv.add-environment = ( "HTTPS" => "on" ). Similarly, nginx users should use something like fastcgi_param HTTPS on;.
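The nginx directive above in context, as an added example that is not part of the original FAQ. The server name, certificate paths, document root and PHP-FPM socket are placeholders. It uses nginx's built-in `$https` variable so the flag is only sent for requests that actually arrived over TLS.

```nginx
# Added example. All names and paths marked "placeholder" are assumptions.
server {
    listen 80;
    listen 443 ssl;
    server_name analytics.example.org;                    # placeholder
    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder
    root  /var/www/app;                                   # placeholder
    index index.php;

    location ~ \.php$ {
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param QUERY_STRING    $query_string;
        fastcgi_param REQUEST_METHOD  $request_method;
        fastcgi_param CONTENT_TYPE    $content_type;
        fastcgi_param CONTENT_LENGTH  $content_length;
        fastcgi_param REQUEST_URI     $request_uri;
        fastcgi_param SERVER_NAME     $server_name;
        fastcgi_param SERVER_PORT     $server_port;
        fastcgi_param REMOTE_ADDR     $remote_addr;

        # Hard-coded form: only correct when this server block serves TLS
        # exclusively. With "listen 80" present, plain-HTTP requests would
        # also be reported to the application as HTTPS.
        # fastcgi_param HTTPS on;

        # Conditional form: $https is "on" for TLS connections and empty
        # otherwise; if_not_empty drops the parameter when it is empty.
        fastcgi_param HTTPS $https if_not_empty;

        fastcgi_pass unix:/run/php/php-fpm.sock;          # placeholder
    }
}
```

If you include a stock `fastcgi_params` file instead of listing parameters by hand, check whether it already contains the `HTTPS` line before adding a second one.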
