I am working locally on xampp and using Gmail SMTP plugin to get my contact form 7 to work. When I try sending a test email it fails, and i get this error message:
Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed [C:\xampp1\htdocs\WP\wp-content\plugins\gmail-smtp\PHPMailer\class.smtp.php line 369]
SMTP Error: Could not connect to SMTP host.
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
I changed the mail function settings in php.ini and sendmail configuration accordingly. Can you help me with what the problem might be here?
You are getting this error most likely because internally, PHPMailer is trying to establish a secure connection (SSL/HTTPS) and the SSL certificate verification is failing because it is most like a self-signed certificate (inside xampp just for development).
Try allowing insecure connections (without SSL encryption - at least during development) by using the suggested piece of code
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
As the document itself recommends against making these configurations globally in the php.ini file, you may want to revert them. And use the Run-time options instead (the code above).
Here is my smtp client for sending email from php with ssl socket https://github.com/breakermind/PhpMimeParser/blob/master/PhpSmtpSslSocketClient.php you can test with php
And here with php mailer example https://github.com/fxstar/PhpJsCss/blob/master/SMTPmail/send-phpmailer-smtp-ssl.php
Or here another example https://github.com/fxstar/PhpJsCss/blob/master/MailerPHP/smtp.php
Related
I am using PHPMailer on PHP 5.6, the increased security around certificated in PHP 5.6 is certainly fun.
I am trying to send a test message to a domain hosted on dreamhost, the error that comes back from PHPMailer is: Could not connect to SMTP host.
That error is not right though, I have logging enabled and here is what is actually going on.
Connection: opening to mx1.sub4.homie.mail.dreamhost.com:25,
timeout=30, options=array ( ) Connection: opened S: 220
homiemail-mx32.g.dreamhost.com ESMTP
C: EHLO s81a.ikbb.com
S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000
250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: QUIT
S: SMTP ERROR: QUIT command failed: Connection: closed
I could not understand why PHPMailer just gives up, issuing a QUIT command when it should start sending the message. I got another clue from another log:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
If I use some custom options to prevent validation of the cert they are using I can get it to continue. Here is what I have:
$mail->SMTPOptions = array (
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true));
If I put the SMTPOptions in there and skip the peer verification, message goes OK - with no warning in PHP at all.
How can I trap that error, so I know there is an issue but still send the message?
I had the same problem and I found the answer in the PHPMailer documentation.
PHP 5.6 certificate verification failure
In a change from earlier versions, PHP 5.6 verifies certificates on SSL connections. If the SSL config of the server you are connecting to is not correct, you will get an error like this:
Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended:
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
You can also change these settings globally in your php.ini, but that's a really bad idea; PHP 5.6 made this change for very good reasons.
Sometimes this behaviour is not quite so apparent; sometimes encryption failures may appear as the client issuing a QUIT immediately after trying to do a STARTTLS. If you see that happen, you should check the state of your certificates or verification settings.
Solution for WHM/cPanel(s) : Disable SMTP Restriction by following below process:
a) Open WHM and search for SMTP restriction, make sure it's disable.(You can go through Home »Security Center »SMTP Restrictions directly as well)
b) Or Same thing can be done via Tweak Settings (Directly go for Home »Server Configuration »Tweak Settings or you can click on tweak setting link shown in upper image)
For those of you using cPanel, I tried the SMTP check code from the examples folder in PHPMailer and I got this same error:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
I realized that it was not an error related to PHPMailer, so I searched for similar errors related to CentOS and I found this link that shed some light: Issue sending mails through 3rd party. You have to take a look at "SMTP Restrictions" in cPanel.
For PHP 5.6 use the following. Adding "tls://" is the key.
$mail->Host = gethostbyname('tls://smtp.gmail.com');
See: http://php.net/manual/en/context.ssl.php
Disable SMTP Restriction in WHM
As somebody mentioned here, the issue is an invalid SSL certificate.
Your website might have a valid SSL certificate, but it might not apply to the mail.website.net or smtp.website.net subdomains. If your hosting provider has an interface for generating SSL certificates for your website, try to search if there isn't a possibility to select subdomains for which the certificate will generate.
I had a similar problem after I've upgraded to PHP 5.6 on my WordPress machine. The WP Mail SMTP by WPForms (wp-mail-smtp) plugin were configured to use localhost as SMTP Host. I've changed it to the FQHN (Fully Qualified Host Name) as it is defined in the SSL cert.
After this change it is working fine.
If you just migrated to a different server, most likely you can fix this by disabling SMTP restriction from WHM :
I have been troubleshooting this issue for the last two months and have gotten no results on how to fix this. I am using PHP 5.6.3 with PEAR 1.10.1, the emailing pages in question worked fine with our 3-party emailing software on our local server only designed to use port 25 for SMTP. Now the PHP pages do reference an XML template that contains all the host, password, and username information. I want to switch to using google email servers with SSL. I implemented the changes provided by my email administrator and change the MX records accordingly. It was functioning properly for two weeks. After that I was getting the following error
"Failed to connect to ssl://smtp.gmail.com:465 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://smtp.gmail.com:465 (Unknown error) (code: -1, response: )]".
I have changed the code several times, I removed the ssl://, I have changed the protocol type to TLS with the port number 587, etc. Nothing was working! I reached out to the contractor to construct a simple hard-coded page that just said hello world using the gmail server configuration. He refused and made myself make a simple php page, mind you I had zero background in PHP programming until now, so on a side note entirely happy that this was thrown my way, but regardless I did complete the task. I have a page that sends a simple message, using the smtp server with the account desired using the PHPMailer library. (See the code below)
<?php
require_once 'C:\Webpage\PHPMailer-5.2-stable/PHPMailerAutoload.php';
$mail = new PHPMailer();
$mail->isSMTP();
$mail->SMTPAuth = true;
$mail->SMTPDebug = SMTP::DEBUG_SERVER;
$mail->SMTPDebug = 4; // 2 to enable SMTP debug information
$mail->Host = 'smtp.gmail.com';
$mail->Username = 'username#gmail.com';
$mail->Password = 'XXXXXXXXXXXXXXXXXXX';
$mail->SMTPSecure ='ssl';
$mail->Port = 465;
/*$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
//'allow_self_signed' => true
)
);*/
$mail->From = 'XXXXt#abc.com';
$mail->FromName = 'Example';
$mail->addReplyTo('testing#abc.com','Example');
$mail->AddAddress('user1#xyz.com', 'John Doe');
$mail->Subject = 'Hello World';
$mail->Body ='A test email!';
$mail->AltBody = 'A test email!';
if(!$mail->Send()) {
echo "Mailer Error: " . $mail->ErrorInfo;
} else {
echo "Message has been sent";
}
?>
Now I know this is not using PEAR, but from this I found out some interesting information that I think is related. The code only works if the line with
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
//'allow_self_signed' => true
)
);
is not commented out it works, but when it is commented out, I receive an error regarding this.
Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed [C:\Webpage\PHPMailer-5.2-stable\class.smtp.php line 299]
So I googled this error and was lead to the php.ini file to change the openssl.cafile and the openssl.capath values. I entered in the download CA certificates and entered the correct pathway for the values, but still it is not working. Am I placing these in the wrong area? Or is there an easier way to fix this issue using the PEAR library? Please any help on this subject will be appreciated!:)
UPDATE(02/20/2018):
I have downloaded the bundle and set the pathway to it's correct location,curl.cainfo ="C:\OpenSSL-Win64\bin\PEM\cacert.pem",openssl.cafile="C:\OpenSSL-Win64\bin\PEM\cacert.pem". I still am getting the error I ran the following check of the ssl locations to see if it was using the php.ini file and got the following.
<?php
error_reporting(E_ALL);
print "\nIf you've got this far without errors then problem is with your SSL config\n";
$calocns=openssl_get_cert_locations();
if (count($calocns)) {
print "Check you've got your cacerts deployed in one of the following locations\n";
foreach ($calocns as $k=>$v) print "$k = $v\n";
} else {
print "You've not configured your openssl installation on this host\n";
}
$calocns=openssl_get_cert_locations();
//var_dump(openssl_get_cert_locations());
?>
Result:
If you've got this far without errors then problem is with your SSL config Check you've got your cacerts deployed in one of the following locations default_cert_file = f:\repo\winlibs_openssl_vc11_x86/cert.pem default_cert_file_env = SSL_CERT_FILE
default_cert_dir = f:\repo\winlibs_openssl_vc11_x86/certs
default_cert_dir_env = SSL_CERT_DIR
default_private_dir = f:\repo\winlibs_openssl_vc11_x86/private
default_default_cert_area = f:\repo\winlibs_openssl_vc11_x86
ini_cafile =
ini_capath =
I seem to be doing this wrong or need to know how to change the locations because those locations are not existent on my computer and I don't understand how it goes to those by default when I changed the pathway in the configuration file itself. Any thoughts?
Obviously it's still the certificate issue. Try using the latest CA certificates extracted from Mozilla. Simply download it, place it somewhere or replace your current cacert.perm, add the path to your certificate to openssl.cafile and curl.cainfo in your php.ini, and then try again. You might want to comment openssl.capath for now.
You can read more about issues related to CA certificate in PHPMailer Troubleshooting Wiki.
Update for 02/20/2018:
The curl.cainfo and openssl.cafile paths looks fine, assuming that is the correct path to the cacert.pem you downloaded. However your ini_cafile is empty when you run openssl_get_cert_locations(). It should reflect whatever you set in your openssl.cafile. You will need to restart your web server (Apache/nginx) after making changes to your php.ini to take effect. After restarting check the openssl.cafile value by running phpinfo(), and make sure it is correct.
I'm not sure why the default cert directory is like that. Maybe a previous installation of Open SSL? Either way, it's an non-existent default path for me as well but it doesn't matter since my ini_cafile shows the same value I defined in openssl.cafile. openssl_get_cert_locations() shows the list of places it will be looking for the certificates, so if the correct one is among the them, I think it should be fine.
I'm getting this error with PHPMailer on a PHP 5.6 server.
Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in class.smtp.php on line 344
The interesting thing is I'm trying to send email through the local SMTP server # localhost, and I'm not using SSL or TLS - it's plain SMTP on port 25.
$mail->SMTPSecure=''
$mail->SMTPPort //not set
The server has a valid SSL Certificate installed for the website domain.
I've read the documentation on GitHub about PHP 5.6 certificate verification failure and it doesn't seem to address this scenario.
I've added this code, but still receive the error:
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
I guess the main question is, what SSL certificate, or lack thereof is it complaining about?
PHPMailer's github page mentions this type of error:
This is covered in the troubleshooting docs. PHP 5.6 verifies SSL certificates by default, and if your cert doesn't match, it will fail with this error. The correct solution is to fix your SSL config - it's not PHP's fault!
I see that you've gone through the trouble of making the PHPMailer settings insecure as is not recommended in the troubleshooting docs. Did you notice that requires PHPMailer 5.2.10?
The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended
There's also suggestions for enabling debug output:
$mail->SMTPDebug = 4;
If you look at the debug output, you may glean more helpful info.
EDIT: this also is not about your website's cert, it's about the cert (if any) being hosted by your SMTP mail server endpoint.
Hi guis I have been migrating an application to new server, is an Ubuntu server but on the new server I have some problem to send emails using Cakephp 2.0.
If the host on cake mail config is localhost I have the following error:
SMTP Error: 530 5.7.0 Must issue a STARTTLS command first
Search on the internet the solutions may be is config SMTP ssl://mydomain.com.br on php.ini or using ssl host like this ssl://mydomain.com.br on cake mail config. On the first option nothing change, error persist and with host ssl on cake mail config I have the following error:
Unable to connect to SMTP server.
I make a simples test using only php mail() function and the email is been sent.
On this server I config postfix and dovecot may be this can be the problem?
you can use 'PHPMailer'.
it's simple and easy.
https://github.com/PHPMailer/PHPMailer
I am using PHPMailer on PHP 5.6, the increased security around certificated in PHP 5.6 is certainly fun.
I am trying to send a test message to a domain hosted on dreamhost, the error that comes back from PHPMailer is: Could not connect to SMTP host.
That error is not right though, I have logging enabled and here is what is actually going on.
Connection: opening to mx1.sub4.homie.mail.dreamhost.com:25,
timeout=30, options=array ( ) Connection: opened S: 220
homiemail-mx32.g.dreamhost.com ESMTP
C: EHLO s81a.ikbb.com
S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000
250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: QUIT
S: SMTP ERROR: QUIT command failed: Connection: closed
I could not understand why PHPMailer just gives up, issuing a QUIT command when it should start sending the message. I got another clue from another log:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
If I use some custom options to prevent validation of the cert they are using I can get it to continue. Here is what I have:
$mail->SMTPOptions = array (
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true));
If I put the SMTPOptions in there and skip the peer verification, message goes OK - with no warning in PHP at all.
How can I trap that error, so I know there is an issue but still send the message?
I had the same problem and I found the answer in the PHPMailer documentation.
PHP 5.6 certificate verification failure
In a change from earlier versions, PHP 5.6 verifies certificates on SSL connections. If the SSL config of the server you are connecting to is not correct, you will get an error like this:
Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended:
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
You can also change these settings globally in your php.ini, but that's a really bad idea; PHP 5.6 made this change for very good reasons.
Sometimes this behaviour is not quite so apparent; sometimes encryption failures may appear as the client issuing a QUIT immediately after trying to do a STARTTLS. If you see that happen, you should check the state of your certificates or verification settings.
Solution for WHM/cPanel(s) : Disable SMTP Restriction by following below process:
a) Open WHM and search for SMTP restriction, make sure it's disable.(You can go through Home »Security Center »SMTP Restrictions directly as well)
b) Or Same thing can be done via Tweak Settings (Directly go for Home »Server Configuration »Tweak Settings or you can click on tweak setting link shown in upper image)
For those of you using cPanel, I tried the SMTP check code from the examples folder in PHPMailer and I got this same error:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
I realized that it was not an error related to PHPMailer, so I searched for similar errors related to CentOS and I found this link that shed some light: Issue sending mails through 3rd party. You have to take a look at "SMTP Restrictions" in cPanel.
For PHP 5.6 use the following. Adding "tls://" is the key.
$mail->Host = gethostbyname('tls://smtp.gmail.com');
See: http://php.net/manual/en/context.ssl.php
Disable SMTP Restriction in WHM
As somebody mentioned here, the issue is an invalid SSL certificate.
Your website might have a valid SSL certificate, but it might not apply to the mail.website.net or smtp.website.net subdomains. If your hosting provider has an interface for generating SSL certificates for your website, try to search if there isn't a possibility to select subdomains for which the certificate will generate.
I had a similar problem after I've upgraded to PHP 5.6 on my WordPress machine. The WP Mail SMTP by WPForms (wp-mail-smtp) plugin were configured to use localhost as SMTP Host. I've changed it to the FQHN (Fully Qualified Host Name) as it is defined in the SSL cert.
After this change it is working fine.
If you just migrated to a different server, most likely you can fix this by disabling SMTP restriction from WHM :