I have a problem with WordPress. When I want to install a plugin or update WordPress to a new version, I get this error:
Download failed. cURL error 77: Problem with the SSL CA cert
Path? Access rights?
I didn't change anything on my website. I have shared hosting.
I have the same issue with OVH and a Let's Encrypt certificate. This is a common bug while you have a PHP version to 5.6. It seems to be working fine with PHP 7.
curl, file_get_contents and getimagesize all failed when run on a file from my own server.
I corrected the URL and turned it into a path instead of a direct URL.
https://example.com/file.css
becomes
/home/example.com/file.css
And it works after.
Of course, you will need to adapt your scripts to detect internal links that can cause the issue.
Long story short, I had to reinstall php 7.4 on my Mac. I have a php webapp that hits a .NET API. Prior to the reinstall of php, I was able to hit a locally running version of my API at https://localhost:5001 using cURL in php but now I get a response code of 0 with this error:
Curl error: SSL certificate problem: self signed certificate
If I point the same php code to my production API, everything works fine. I am able to successfully hit the local version of the API with Postman.
I tried the accepted answer from this post but it did not work for me even after restarting apache and my computer. I tried both the php.ini and runtime approaches but neither solved my problem.
You should append the public key of your self signed certificate to the cacert.pem file. Then either of the solutions (setting curl.cainfo in php.ini OR explicitly specifying the path to the cacert.pem file using CURLOPT_CAINFO) proposed here should work just fine.
Make sure you respect the format of the cacert.pem file when adding your public key.
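One way to follow this advice without hand-editing the bundle, as an added example that is not part of the original answer: the certificate is parsed first, so anything that is not a valid, unexpired PEM certificate is rejected before it can corrupt the file, and it is then appended in clean PEM form. It assumes the openssl and curl extensions; the function names and temp-file paths are hypothetical.

```php
<?php
// Added example; function names and file paths are hypothetical.

/** Write $bundleOut = $bundleIn plus one extra trusted certificate; return the certificate count. */
function appendToBundle(string $bundleIn, string $certFile, string $bundleOut): int
{
    $x509 = openssl_x509_read((string) @file_get_contents($certFile));
    if ($x509 === false) {
        throw new RuntimeException("$certFile does not contain a PEM certificate");
    }
    if (openssl_x509_parse($x509)['validTo_time_t'] < time()) {
        throw new RuntimeException("$certFile has expired");
    }
    openssl_x509_export($x509, $pem);       // re-encode as one clean BEGIN/END CERTIFICATE block
    $bundle = (string) file_get_contents($bundleIn);
    if (strpos($bundle, trim($pem)) === false) {            // not in the bundle yet
        $bundle = ltrim(rtrim($bundle) . "\n\n" . $pem);
    }
    file_put_contents($bundleOut, $bundle, LOCK_EX);
    return substr_count($bundle, '-----BEGIN CERTIFICATE-----');
}

/** GET $url with verification left on, trusting only the CAs in $bundle. */
function fetchWithBundle(string $url, string $bundle): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CAINFO         => $bundle,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('cURL ' . curl_errno($ch) . ': ' . curl_error($ch));
    }
    return $body;
}

// Constructed demo input: a throwaway self-signed certificate and an empty base bundle.
$dir = sys_get_temp_dir();
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$crt = openssl_csr_sign(openssl_csr_new(['commonName' => 'localhost'], $key), null, $key, 30);
openssl_x509_export_to_file($crt, "$dir/dev.crt");
file_put_contents("$dir/base.pem", '');
echo appendToBundle("$dir/base.pem", "$dir/dev.crt", "$dir/dev-bundle.pem"), " certificate(s)\n";
```

With a real setup, pass the downloaded cacert.pem as the input bundle and the exported API certificate as the extra certificate, then give the output path to fetchWithBundle() or to curl.cainfo.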
I simply can't find a solution to this. I migrated a Wordpress site with a woocommerce shop and payment gateway "Payunity" to a new EC2 machine with a bitnami wordpress stack.
I generated a Let's Encrypt SSL certificate and the entire site works as expected.
Only problem I have is that for some reason on the woocommerce checkout page I suddenly get this error message:
SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
I googled extensively and tried figuring this out but no chance.
Any idea what I have to set on the server to have this go away? I tried modifying the php.ini with the capath and cafile like some threads pointed out but no luck.
Any ideas?
Update: I now moved to Cloudflare as DNS manager and have the "Full (strict)" setting so that the Cloudflare SSL is the one in use. However, still the same error, so I figure this has nothing to do with the original Let's Encrypt or now Cloudflare SSL certificate.
I believe this error message is caused by CURL. According to the CURL FAQ (https://github.com/curl/curl/blob/master/docs/FAQ) section 4.12 (where exactly this error message is mentioned), "it means that curl couldn't verify that the server's certificate was good. Curl verifies the certificate using the CA cert bundle that comes with the curl installation." (since CURL 7.10).
As your CURL version is quite old (released on Oct 7, 2015), I would assume that one of the CA/root certificates it is using is too old. I would recommend updating CURL separately (e.g. using this guide: http://pavelpolyakov.com/2014/11/17/updating-php-curl-on-ubuntu/, depending on your OS).
Furthermore, you can check the openssl.cafile option in php.ini that should point to an absolute path containing a more or less recent CA bundle (e.g. "C:\xampp7.3\apache\bin\curl-ca-bundle.crt" for my XAMPP installation). You can try to extract the bundle from the XAMPP .zip (https://www.apachefriends.org/download.html) and replace the path in your php.ini and then restart the server.
In addition, you can check your php.ini if extension=php_openssl.* (extension e.g. dll for Windows) is uncommented, i.e. activated.
Maybe (and this is why I asked what should be shown normally at this place) a script inside the Payunity plugin is trying to fetch something from an URL with a broken certificate or something similar.
EDIT: As pointed out by Sebastian B., you can check the error.log (in case of Apache) for failed file_get_contents() (or similar) calls because the actual URL of the "file" the site PHP tried to fetch is mentioned there.
EDIT: CURL Perl script to create a fresh ca-bundle.crt file based on Mozilla's chain: https://github.com/curl/curl/blob/master/lib/mk-ca-bundle.pl You can try this (or extract one from a fresh CURL installation) and set this as a path in php.ini. Or you can use this from the Nextcloud project (https://github.com/nextcloud/server/blob/master/resources/config/ca-bundle.crt) or another one (just for testing purposes, of course).
I am running Bolt CMS locally on my machine using XAMPP. I just upgraded to version 2.0.1 today and everything seems to be working great. The only issue I am having is installing extensions.
On the view/install extensions page, I am seeing this message:
The Bolt extensions Repo at https://extensions.bolt.cm/list.json is currently unavailable. Check your connection and try again shortly.
I do have an active internet connection and am not sure why I cannot connect to the repository from the extensions page. Any help would be appreciated!
Update
In the CommandRunner.php file's setup method, there is this line:
$json = json_decode((file_get_contents($this->packageRepo)));
The problem is coming from the file_get_contents($this->packageRepo) call
The error message being returned from that call is
file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Update 2
The issue is not related to bolt CMS but rather my XAMPP configuration. However, if someone else using bolt CMS locally with XAMPP has already tackled this issue, I would appreciate their input.
At this point, I have not been able to solve the SSL issue with my local server.
I did, however, find a solution that allows me to install bolt extensions.
The solution is to open up the config.yml file and add the following:
extensions:
    site: 'http://extensions.bolt.cm/'
This will tell bolt to use the http URL rather than https. I would recommend using the secure URL in production, but this has allowed me to install extensions on my local server until I solve the underlying problem.
I found that the following fixed it correctly for me!
PHP cURL error code 60
From that post:
Use this certificate root certificate bundle:
https://curl.haxx.se/ca/cacert.pem
Copy this certificate bundle on your disk. And use this on php.ini
curl.cainfo = "path_to_cert\cacert.pem"
I am trying to query a remote LDAP server in a secure connection in a Windows php local test environment. I think I must have the access granted correctly because I can use an LDAP Browser application and that connects to the remote server fine. Also, if I do ' telnet remoteserverurl.com 636' then a blank screen shows up in command prompt, so I am at least connecting. But in my following .php code I get an error on bind: "PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in line..."
The same code works in a Linux server. I think there is some kind of missing LDAP libraries in my local php environment for secure LDAP connection? Anyway, here is the code:
$ds=ldap_connect("ldaps://serveraddress.com", "636"); // remote server
//$ds=ldap_connect("ldap://localhost", 389); // works
//putenv('LDAPTLS_REQCERT=never');//doesn't help with secure ldap
//ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //works for local LDAP server (Open LDAP)
$r=ldap_bind($ds, "cn=xxx,ou=proxy,o=xxx", "passwordxxxx");//throws error for remote
Any idea? Thanks!
Know this is older, but I recently ran into a similar issue when using wordpress 3.x & 4.x on windows 2008 & 2012 (IIS 7.x & 8.x, PHP 5.6).
I had written a plugin for LDAP authentication for WordPress and was trying to get LDAPS (LDAP secure over port 636) working.
Couple things:
1. When using PHP LDAPS, the documentation states you simply prefix the LDAP server with ldaps://. So server1.domain.com for LDAPS should be ldaps://server1.domain.com/ ...note you don't need to pass the port at all for the connection method (per http://php.net/manual/en/function.ldap-connect.php). This is very similar to what the original question has in its submission.
2. The windows PHP libraries are hard-coded to look for an open ldap config file (ldap.conf) in C:\openldap\sysconf\ldap.conf.
3. Create the text file mentioned in #2 above - this is where you point to your certificate store. Once you create this file, you can put in TLS_REQCERT never … but this means no certs are verified and all are trusted automatically (essentially) - should only be for testing...never for production, as you defeat part of TLS/SSL security measures (i.e. certifying you are indeed talking to the host you believe you are connected to).
4. Instead of the insecure TLS_REQCERT never option that seems to be a popular (and perhaps misguided) suggestion on the interwebs...grab the common public cert authority list used by curl and similar - http://curl.haxx.se/ca/cacert.pem. This essentially is what firefox comes with for public certificate authority trusts (i.e. it's why you can install firefox and go to https://amazon.com without a cert warning, etc.).
5. Drop the cacert.pem file you downloaded (it's just a text file with a bunch of certificate hashes and descriptions) with your PHP install. For instance, say i dumped it with my php install in c:\php5\cacert.pem. Your location may differ, but put it somewhere it can be accessed and will be grouped with php stuff since it is related. Here's a couple shots of the contents of the cacert.pem file to give you an idea of what's inside.
6. Edit the C:\openldap\sysconf\ldap.conf and add a line for the command TLS_CACERT like pictured.
This should allow you to now trust public, valid certificates just like modern web browsers do, etc. Note that it won't fix internally-issued or self-signed certificate trust issues. But you can easily do that as well by adding your own cert hashes to the cacert.pem file.
To add another certificate as a trusted hash in the cacert.pem file, simply get a copy of the certificate in question (you just need to export it to .cer in base64 format - don't need the private key and extension really doesn't matter - just needs to be a hash output). If you've exported it in the right format, you can open the certificate file and see the hash - it will be similar (but not identical) to the screenshot here of the Thawte Server CA example. Simply append the hash you exported to the cacert.pem file and it will be trusted. If you are looking to be clever, you can instead import the issuing certificate for your private-issued certificate - this would then trust any cert signed by the imported cert. If in doubt, you can always just import the presented certificate.
After making such changes, I found it best to restart the web server (iis manager -> web server node -> restart option) so everything using php was reset.
For extra credit, you can use the same cacert.pem file for the curl implementation by editing your php.ini file and putting the full path to the cacert.pem file in the line curl.cainfo =.
Again, I know this is an older post, but I wanted to share what I had learned while hooking up wordpress to eDirectory via LDAPS.
Check your PHP libraries
<?php phpinfo() ?>
Since you can connect using an LDAP client, I expect your LDAP runs SSL
Did you copy your SSL Cert?
Copy the server certificates to sys:/php5/cert directory. This location is configurable in php.ini file.
Use "ldaps://" prefix for host name argument or a value of 636 for port number argument in ldap_connect call.
I got this working! #s.lenders' 'answer' (thanks for that) pointed out toward some Certificate issue and indeed it was a Certificate issue. The remote LDAP Server had its Certificate in expired state--I got a warning about that even when I connected using the desktop application (SoftTerra LDAP Browser). So I imported the Certificate to my Windows Certificates--SoftTerra LDAP Browser application allowed me that option. And, voila! SSL LDAP calls are working.
** Update: Not sure if the above Certificate thingy helped or not but here is something more concrete which helped me: It looks like the php LDAP libraries look for a certain conf file; hard-coded to: C:\OpenLDAP\sysconf\ldap.conf ?! So I basically created new folders per this info and put an ldap.conf file with nothing but 'TLS_REQCERT never' and that helps! I have tested it..if I were to remove this file then my Secure LDAP queries don't work and fail in the 'bind' step. Note, I am comfortable with the 'never' in my conf because this will be only on my own workstation.
Also note I am on a Windows 7 running IIS 7+ **
Hope this helps someone.
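The "Can't contact LDAP server" warning does not say whether the TLS handshake was the problem, so it helps to test the handshake on port 636 separately, against the same CA bundle that ldap.conf points to. The added example below is not from any of the answers; checkTls() and the host and bundle path are placeholders. It makes a verified TLS connection and returns either OpenSSL's failure reason or the server certificate's issuer and expiry date.

```php
<?php
// Added example; checkTls() and the host/bundle values are hypothetical placeholders.

/** Attempt a verified TLS handshake and describe the result. Verification stays on. */
function checkTls(string $host, int $port, string $caFile): array
{
    $ctx = stream_context_create(['ssl' => [
        'cafile'            => $caFile,
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'capture_peer_cert' => true,
    ]]);
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings) {
        $warnings[] = $msg;         // OpenSSL's reason arrives as PHP warnings
        return true;
    });
    $sock = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                                 STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();
    if ($sock === false) {
        return ['ok' => false, 'reason' => $warnings ? implode(' | ', $warnings) : $errstr];
    }
    $cert = stream_context_get_params($sock)['options']['ssl']['peer_certificate'];
    $info = openssl_x509_parse($cert);
    fclose($sock);
    return [
        'ok'        => true,
        'subject'   => $info['subject']['CN'] ?? '(no CN)',
        'issuer'    => $info['issuer']['CN'] ?? '(no CN)',
        'expires'   => date('Y-m-d', $info['validTo_time_t']),
        'days_left' => intdiv($info['validTo_time_t'] - time(), 86400),
    ];
}

// Placeholder values: replace with your directory server and the bundle named in TLS_CACERT.
print_r(checkTls('ldap.example.com', 636, 'C:\php5\cacert.pem'));
```

A result of 'ok' => false with "certificate verify failed" in the reason points at the trust chain or an expired certificate rather than at the bind DN or password.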
I am currently moving my web app to Amazon EC2. Since it's only for testing, I use the free version, called EC2 free tier, with a Windows Server 2008 instance. However, although I have done all I know and read this thread (How to enable cURL in PHP / XAMPP), I just couldn't use curl in my PHP script. It always produces the error
Call to undefined function curl_init() in C:\xampp\htdocs\index.php on line 2
Here are all the things I have tried
Install Wamp (I tried it on XAMPP too)
Uncomment out php_curl in php.ini file ( and restart apache)
Copy two dll files to both system32 and syswow64
Could it have to do with the fact that I am using free vps?
Update:
Also, when I started the apache server in XAMPP , this error appeared
'PHP Startup: unable to load dynamic library curl.dll'
However, I have double checked the ext directory and the php_curl.dll was in there.
I think curl needs to access the remote server from our web server, so I opened all traffic in my server's outbound rule and it works. I think this is not a good solution. Still looking for a better way.
Nope.
Be sure that you have the files in the right place; usually it's in the plugins folder for PHP! Maybe you can add an absolute path to your php.ini!
Be sure you edit the correct ini file!
PHP is completely independent of your operating system!
Just be sure to double-check everything, because it's not saying it has trouble loading your extension, it's just saying the function you're trying to call is not there. So I assume your extension is not loading at all! :)
One reason I did notice for this cURL plugin to malfunction was the availability of copies of libeay32.dll and ssleay32.dll files. Please check whether your system32 folder has such copies and if so, please rename them to some other names and copy the ones found with the php installation. Sometimes you may need to restart your machine. This was documented here some time ago.
I had a similar problem, but it occurs only with requests over https. I tried to create a curl request directly from the EC2 machine and got an error: "curl: (77) error setting certificate verify locations".
It looks like some kind of SSL validation failure because a certificate was not found. So I used the parameter -k (or --insecure) in my curl command to ignore this validation, and after that my curl requests made directly from the EC2 machine worked.
So I tried to apply a similar idea to my curl command in PHP (I supposed that the curl PHP extension forwards these requests to the operating system), and I found this curl opt:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
After that it works for me.
Probably this isn't the best way to solve the problem, but it solved my problem temporarily.
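cURL error 77 is raised when libcurl cannot load the CA file or directory it was told to use, so the first thing to check is which paths PHP is configured with and whether they exist and are readable by the PHP process. The report below does that for the curl.cainfo and openssl.cafile settings mentioned in the answers above and for OpenSSL's built-in defaults. It is an added example, not code from any of the posts; caReport() is a hypothetical name.

```php
<?php
// Added example; caReport() is a hypothetical helper.

/** List every CA file/dir PHP may hand to OpenSSL or libcurl and whether it is usable. */
function caReport(): array
{
    $loc = openssl_get_cert_locations();
    $candidates = [
        'php.ini curl.cainfo'    => ini_get('curl.cainfo'),
        'php.ini openssl.cafile' => ini_get('openssl.cafile'),
        'php.ini openssl.capath' => ini_get('openssl.capath'),
        'env ' . $loc['default_cert_file_env'] => getenv($loc['default_cert_file_env']),
        'OpenSSL default file'   => $loc['default_cert_file'],
        'OpenSSL default dir'    => $loc['default_cert_dir'],
    ];
    $report = [];
    foreach ($candidates as $source => $path) {
        if (!is_string($path) || $path === '') {
            $report[$source] = 'not set';
        } elseif (!file_exists($path)) {
            $report[$source] = "$path: missing (or blocked by open_basedir)";
        } elseif (!is_readable($path)) {
            $report[$source] = "$path: exists but not readable by the PHP process";
        } elseif (is_dir($path)) {
            $report[$source] = "$path: directory, " . count(glob("$path/*") ?: []) . ' entries';
        } else {
            $n = substr_count((string) file_get_contents($path), '-----BEGIN CERTIFICATE-----');
            $report[$source] = "$path: readable, $n certificate(s)";
        }
    }
    return $report;
}

if (function_exists('curl_version')) {
    $v = curl_version();
    echo "libcurl {$v['version']} / {$v['ssl_version']}\n";
} else {
    echo "curl extension is not loaded\n";
}
foreach (caReport() as $source => $status) {
    echo str_pad($source, 26), $status, "\n";
}
```

Run it through the web server as well as the CLI, since the two can load different php.ini files and run as different users.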