So, this post is probably just a reminder for myself. For years now, I had this stupid problem when I wanted to update a plugin or theme on my wordpress site. On my VPS, I also have a cronjob running which takes care of most of the plugin updates automatically. With a bash script I loop through all my wordpress folders on the server, and then use wp-cli to update the stuff I needed.
I always assumed that this mechanism screw up the ability to update by the browser. Maybe file permissions were overwritten, maybe ownership. I always though: I have to look into this some day. Of course, each time I login to my wordpress and I see pending updates, I still try if it maybe magically works this time. Then the sad smiley face shows up, and I have to remove my .maintenance file manually. Very annoying.
Today I found out that when I wanted to browse the detail of the button, this smiley face also turned up. I finally check my console in the browser, and googled the error that was displayed there.
Then I found out about the X-Frame-Options that were indeed set to DENY in my nginx config (in /etc/nginx/snippets/ssl-params.conf).
I commented this line, and now the I-Frame with the plugin details is working again. I expect that this also solves my problem of not being able to update.