This question already has answers here:
Laravel certificate verification errors when sending TLS email
(2 answers)
Closed 1 year ago.
I want to configure a custom email (not gmail) with TLS using Laravel and I can't make it work.
The error I get is:
stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages:\nerror:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
In my .env file I have:
MAIL_DRIVER=smtp
MAIL_HOST=mail.**********.com
MAIL_PORT=587
MAIL_USERNAME=system#**********.com
MAIL_PASSWORD=**********
MAIL_FROM_ADDRESS=system#**********.com
MAIL_ENCRYPTION=tls
I tried the same account in a non Laravel PHP project and it works just fine. In that project, I have this option that I think is the key:
$mailer->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
$mailer->SMTPAuth = true;
$mailer->SMTPSecure = 'tls';
How can I configure this options in Laravel? Or is another mistake?
Thanks for your help.
Finally when I change the MAIL_ENCRYPTION to null, it worked just fine. I assume that is a server configuration problem, I'll check it with the sysadmin.
Regards
I'm having the situation where I try to connect to a SSL host via SOAP in a Docker Application.
When trying to do so, I have to disable SSL on transport level in order to get it working. I'm using code like this:
$context = stream_context_create([
'ssl' => [
// set some SSL/TLS specific options
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
$client = new SoapClient(null, [
'location' => 'https://...',
'uri' => '...',
'stream_context' => $context
]);
Which is also the most upvoted answer on this question.
So, what I'd like to achieve is to get the connection running without this hack.
If I leave this out, I receive the following exception:
( ! ) Fatal error: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://api.myhost.tld/gateway/Method?wsdl' : failed to load external entity "https://api.myhost.tld/gateway/Method?wsdl" in /var/www/html/app/code/local/Vendor/MyHost/Model/Method.php on line 31
You need trusted certificate for your domain api.myhost.tld to make it right. So you can buy "official" SSL certificate and attach that to your SOAP webserver or create self signed certificate and add that cert as trusted in your docker image like described there: How do I add a CA root certificate inside a docker image?
This question already has answers here:
how to fix stream_socket_enable_crypto(): SSL operation failed with code 1
(18 answers)
Closed 1 year ago.
I was sending emails using gmail and everything was working perfectly, but suddendly it stoped working. And it shows me this
ErrorException in StreamBuffer.php line 94:
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
in StreamBuffer.php line 94
at HandleExceptions->handleError('2', 'stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed', 'C:\xampp\htdocs\coparmex\vendor\swiftmailer\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php', '94', array())
at stream_socket_enable_crypto(resource, true, '9') in StreamBuffer.php line 94
at Swift_Transport_StreamBuffer->startTLS() in EsmtpTransport.php line 313
at Swift_Transport_EsmtpTransport->_doHeloCommand() in AbstractSmtpTransport.php line 118
at Swift_Transport_AbstractSmtpTransport->start() in Mailer.php line 79
at Swift_Mailer->send(object(Swift_Message), array()) in Mailer.php line 385
at Mailer->sendSwiftMessage(object(Swift_Message)) in Mailer.php line 171
And this only happends in my localhost, in the web host works fine. I don't understand what is going on :c
These are my gmail settings
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=gmail
MAIL_PASSWORD=password
MAIL_ENCRYPTION=tls
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues before using this as a solution.
You should add below code in /config/mail.php ( worked on laravel 5.4 )
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
as you should never change code in vendors as suggested by Sultan Ahmad
That's an error with your SSL certificate. You're trying to use a SSL connection (encrypted, secure connection) without a proper certificate.
That's because you're connecting from localhost, which isn't secure, and that is blocked by the connection. You could avoid that by changing your localhost connection to a SSL based one.
See this link for more details.
Hi I have also found this very useful on the server level:
Edit \vendor\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php
line 259 ish. comment out the $options = array(); and add the below.
$options = array();
$options['ssl'] = array('verify_peer' => false,
'verify_peer_name' => false, 'allow_self_signed' => true);
This work with Laravel 6.0
I had the same issue and was able to resolve by removing a level of authentication security. That is, at some point Gmail asked me for the phone number - 2nd level of authentication. When I deleted this 2nd level I was happy again. I hope I have helped.
in Laravel : this will solve the problem.
go to \vendor\swiftmailer\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php
inside method
private function establishSocketConnection()
after this code
$options = array();
if (!empty($this->params['sourceIp'])) {
$options['socket']['bindto'] = $this->params['sourceIp'].':0';
}
then add this two lines
$options['ssl']['verify_peer'] = FALSE;
$options['ssl']['verify_peer_name'] = FALSE;
Add the following in .htaccess
php_value openssl.cafile "Path to cacert.pem"
stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Im using Laravel 4.2, PHP 5.6, Apache 2.4
I have GoDaddy SSL installed in Amazon ec2 Linux.
SSL working fine when i visit the site with https.
The error happened when I call my function :
<?php
public function sendEmail()
{
\Mail::send ( 'emails.code.code', $data, function ($sendemail) use($email) {
$sendemail->from ( 'info#me.com', 'Me Team' );
$sendemail->to ( $email, '' )->subject ( 'Activate your account' );
} );
}
?>
I read some articles about this, they said that there are things we should make some changes, they put that code but i don't know where to insert it.
Been reading this: https://www.mimar.rs/en/sysadmin/2015/php-5-6-x-ssltls-peer-certificates-and-hostnames-verified-by-default/
and this documentation of php http://php.net/manual/en/migration56.openssl.php which is hard to understand.
So my question is how to solve this problem?
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint such as Gmail, and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
You can add below code in /config/mail.php ( tested and worked on laravel 5.1, 5.2, 5.4 )
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint such as Gmail, and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
I have also this error in laravel 4.2 I solved like this way. Find out StreamBuffer.php. For me I use xampp and my project name is itis_db for this my path is like this. So try to find according to your one
C:\xampp\htdocs\itis_db\vendor\swiftmailer\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php
and find out this function inside StreamBuffer.php
private function _establishSocketConnection()
and paste this two lines inside of this function
$options['ssl']['verify_peer'] = FALSE;
$options['ssl']['verify_peer_name'] = FALSE;
and reload your browser and try to run your project again. For me I put on like this:
private function _establishSocketConnection()
{
$host = $this->_params['host'];
if (!empty($this->_params['protocol'])) {
$host = $this->_params['protocol'].'://'.$host;
}
$timeout = 15;
if (!empty($this->_params['timeout'])) {
$timeout = $this->_params['timeout'];
}
$options = array();
if (!empty($this->_params['sourceIp'])) {
$options['socket']['bindto'] = $this->_params['sourceIp'].':0';
}
$options['ssl']['verify_peer'] = FALSE;
$options['ssl']['verify_peer_name'] = FALSE;
$this->_stream = #stream_socket_client($host.':'.$this->_params['port'], $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, stream_context_create($options));
if (false === $this->_stream) {
throw new Swift_TransportException(
'Connection could not be established with host '.$this->_params['host'].
' ['.$errstr.' #'.$errno.']'
);
}
if (!empty($this->_params['blocking'])) {
stream_set_blocking($this->_stream, 1);
} else {
stream_set_blocking($this->_stream, 0);
}
stream_set_timeout($this->_stream, $timeout);
$this->_in = &$this->_stream;
$this->_out = &$this->_stream;
}
Hope you will solve this problem.....
Try changing the app/config/email.php
smtp to mail
How to fix on Laravel (5,6,7 at least), WordPress (and other PHP + cURL implementations I guess):
Download the latest cacert.pem file from cURL website.
wget https://curl.haxx.se/ca/cacert.pem
Edit php.ini (you can do php --ini to find it), update (or create if they don't exist already) those two lines:
curl.cainfo="/path/to/downloaded/cacert.pem"
...
openssl.cafile="/path/to/downloaded/cacert.pem"
Those lines should already exist but commented out, so uncomment them and edit both values with the path to the downloaded cacert.pem
Restart PHP and Nginx/Apache.
Edit: You may need to chown/chmod the downloaded certificate file so PHP (and the user running it) can read it.
source
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint such as Gmail, and you'll be vulnerable to a Man-in-the-Middle Attack.
Be sure you fully understand the security issues before using this as a solution.
Easy fix for this might be editing config/mail.php and turning off TLS
'encryption' => env('MAIL_ENCRYPTION', ''), //'tls'),
Basically by doing this
$options['ssl']['verify_peer'] = FALSE;
$options['ssl']['verify_peer_name'] = FALSE;
You should loose security also, but in first option there is no need to dive into Vendor's code.
edit your .env and add this line after mail config lines
MAIL_ENCRYPTION=""
Save and try to send email
Finally! it was my AVG antivirus, it has a feature called email shield, disabled it and the error was gone.
For Laravel 9, following is enough to disable ssl check:
'verify_peer' => false,
Example:// config/mail.php
'mailers' => [
'smtp' => [
'transport' => 'smtp',
'host' => env('MAIL_HOST', 'smtp.mailgun.org'),
'port' => env('MAIL_PORT', 587),
'encryption' => env('MAIL_ENCRYPTION', 'tls'),
'username' => env('MAIL_USERNAME'),
'password' => env('MAIL_PASSWORD'),
'timeout' => null,
'auth_mode' => null,
'verify_peer' => false,
],
...
This start to happen today in one of my servers using wordpress with a plugin that uses PHPMailer, with no recent changes.
The solution: sudo yum install ca-certificates
Now It works again perfectly, I did also an httpd restart (not sure if needed)
I can't figure out the real problem, I suspect that was a hardcoded date in the old ca-certificates package.
To resolve this problem you first need to check the SSL certificates of the host your are connecting to. For example using ssllabs or other ssl tools. In my case the intermediate certificate was wrong.
If the certificate is ok, make sure the openSSL on your server is up to date. Run openssl -v to check your version. Maybe your version is to old to work with the certificate.
In very rare cases you might want to disable ssl security features like verify_peer, verify_peer_name or allow_self_signed. Please be very careful with this and never use this in production. This is only an option for temporary testing.
change encryption type from SSL to TLS works form me.
in my case i did following
$mail = new PHPMailer;
$mail->isSMTP();
$mail->Host = '<YOUR HOST>';
$mail->Port = 587;
$mail->SMTPAuth = true;
$mail->Username = '<USERNAME>';
$mail->Password = '<PASSWORD>';
$mail->SMTPSecure = '';
$mail->smtpConnect([
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]);
$mail->smtpClose();
$mail->From = '<MAILFROM#MAIL.COM>';
$mail->FromName = '<MAIL FROM NAME>';
$mail->addAddress("<SENDTO#MAIL.com>", '<SEND TO>');
$mail->isHTML(true);
$mail->Subject= '<SUBJECTHERE>';
$mail->Body = '<h2>Test Mail</h2>';
$isSend = $mail->send();
with symfony I modify the dotEnv to include some small information and it works great
MAILER_DSN=smtp://user:pass#container_name:25?verify_peer=false&verify_peer_name=false&allow_self_signed=true
I my case the issue occurred on websites hosted on VPS with cPanel' WHM. After an update all the emails sent via Gmail SMTP stopped working.
As a solution, in the WHM I had to turn off
Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)
setting under
Home / Server Configuration / Tweak Settings
See pic.
I guess after WHM update this settings was turn on somehow or probably this is a new settings, I am not sure.
Reading app/config/mailphp
Supported : "smtp", "mail", "sendmail"
Depending on your mail utilities installed on your machine, fill in the value of the driver key. I would do
'driver' => 'sendmail',
for Laravel 5.4
for gmail
in .env file
MAIL_DRIVER=mail
MAIL_HOST=mail.gmail.com
MAIL_PORT=587
MAIL_USERNAME=<username>#gmail.com
MAIL_PASSWORD=<password>
MAIL_ENCRYPTION=tls
in config/mail.php
'driver' => env('MAIL_DRIVER', 'mail'),
'from' => [
'address' => env(
'MAIL_FROM_ADDRESS', '<username>#gmail.com'
),
'name' => env(
'MAIL_FROM_NAME', '<from_name>'
),
],
Go to vendor\swiftmailer\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php
comment line 250 and add this line:
//$options = [];
$options['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true);
$default = [ ... ];
$turnOffSSL = [
'stream' => [
'ssl' => [
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false,
],
],
];
$environment = env('APP_ENV');
if ($environment === 'local') {
return array_merge($default, $turnOffSSL);
}
return $default;
I browsed the net for three days and I still can not solve my problem... That's why I ask for your help :)
I try to call a web servcice over https with selfsigned certificate and i get the following error : SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://...
My code :
$streamContext = stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true
)
));
$client = new SoapClient("https://DOMAIN/ws.php?wsdl", array(
'trace' => true,
'stream_context' => $streamContext
));
$client->method($params);
I tried to :
Change values of "verify_peer" and "allow_self_signed" options ;
Replace "ssl" key by "https" in stream_context array ;
Load the WSDL file locally but i get the following error : Could not connect to host (my endpoint : https://DOMAIN/ws.php);
Clear my client cache ;
Use Zend_Soap_Client and nusoap library.
Also, I checked the connection between the client and the server with the following commands "ping DOMAIN" and "telnet DOMAIN 443" and everything is ok.
It seems the "stream_context" option is ignored or the problem is elsewhere ?!
Is it a php Bug ?!
All suggestions will be appreciated.
Thx
I had a very similar problem and I added 'verify_peer_name' => false to the stream context. So...
$streamContext = stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
));
Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues before using this as a solution.