i'm using mandrill and setting up webhooks is failing. i moved my domain to a new server and set up ssl again.
now when i look at the web hooks admin page i see this error:
- Error: POST to https://my.website.com/hooks/mandrill.php failed: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
when i try to change the url for this webhook, all i get is
- We can't verify that the URL exists. More info
when i contacted mandrill support they suggested that it may be missing intermediate CA for my SSL cert. That browsers wouldn't care but the server did care and would fail.
this url helped me figure out that indeed my intermediate CA was not installed
- https://www.sslshopper.com/ssl-checker.html
ends up i didn't have the intermediate CA enabled in /etc/httpd/conf.d/ssl.conf. the lines were commented out. i removed the comments and restarted apache and all is working well now.
i could save the changed webhook and when i clicked send test it sent them. however there still was a stale error on the webhook about the ssl issue. but it was no longer preventing me from editting or sending webhooks
hope this saves someone else some time
Related
Symfony is throwing error when I try to send email. Apparently there is ssl certificate verification failure. The project is running on linux nginx server.
The .env file has following configuration.
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login
Error log
app.ERROR: Could not send mail: Failed sending mail to following
recipients: {{ recipients }} with Error: Connection could not be
established with host "ssl://mail.ourserver.de :465":
stream_socket_client(): SSL operation failed with code 1. OpenSSL
Error messages: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
Error Code:0
Do I need to get ssl certificate for the domain in this case "mail.ourserver.de" and add cert and key in linux openssl configuration?
A hack to make it work! I have found it in stackoverflow answers, but not sure if it's a good practice and does that make the ssl connection vulnerable to attack?
verify_peer=false parameter
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login&verify_peer=false
If i disable verify_peer option, it does work, but Is ssl verification taking place when peer verification is set to false or it's being completely disabled?
It's failing to verify your server's certificate. There's a guide for checking and updating certificates here. (it's for PHPMailer but the parts regarding certificates are still relevant)
If you did not add a SSL certificate yourself, but use SSL, you probably have an autogenerated, self signed certificate in place.
Yes, you should assign a domain name to the server and get some valid, trusted SSL certificate for it. You can use the free LetsEncrypt service. The details depend on the mail server software.
I am getting error like below on DocuSign rest, it was working fine before:
Fatal error: Uncaught DocuSign\eSign\Client\ApiException: Error while requesting server, received a non successful HTTP code [400] with response Body: O:8:"stdClass":2:{s:9:"errorCode";s:35:"HTTPS_REQUIRED_FOR_CONNECT_LISTENER";s:7:"message";s:50:"HTTPS required for Connect listener communication.";}
TIA
This change is discussed in the Jan release notes.
Connect can only be used with https listeners (customers' servers). This applies to both developer and production accounts.
And note that the server must use a certificate that chains to a root cert in the Microsoft standard root cert list. (Self-signed certs won't work.) You can use a free cert from LetsEncrypt or a $15 cert from a reputable CA.
I'm sorry that this update caught you by surprise.
There seems some weird behaviour around this since the recent update.
Please try adding :443 to the URL, this resolved the issue in testing.
I implemented the Xero-API using this library, having implemented it, it worked fine on localhost, then i uploaded to my server then i get this error
Curl error: Problem with the SSL CA cert (path? access rights?)
Assuming that the certs do exist in the path and php has the ability to access the server. Try restart apache first, it might be something simple, if not try regenerate the cert, it might have gotten corrupt somehow.
I have been using EasyPHP 5.3.2i on Windows XP for a few years and I like to test my website offline before uploading it to my web server. This has always been fine until now, when I need to incorporate SSL connections as part of its functionality. My code works fine when running on the web server, but when trying to open an SSL connection from my local computer (127.0.0.1 etc.) I get the following:
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
It was easy enough to install the certificate on my web server, but placing it in the same directory on my local setup doesn't fix this error. Do I have to install it elsewhere or is there something else preventing my establishing an SSL connection here?
Try setting the cURL option CURLOPT_SSL_VERIFYPEER to false. This will disable verification of the peer's certificate. However, you only want to use this option on your testing server. You can view the full list of options here.
All of a sudden, my PHP cURL implementation that access sites over SSL stopped working. After some digging around in the cURL response headers I discovered that the issue was a result of cURL not liking the sites SSL cert, giving the error:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Now I didn't test it with other sites and I know there are solutions to add Mozilla's certs to cURL. But to get stuff to work I simply added a new cURL option to disable SSL validity checks (CURLOPT_SSL_VERIFYHOS).
But I am still confused as to how this would stop working in just one day. It worked yesterday. The cert on the site didn't change and it is still a valid, unexpired, Verisign-issued cert.
Had this happen to me last month as well, and the only reason was that the SSL certificate in question was expired. So I just renewed it and the curl ssl link worked again. If you happen to deal with self-signed certificates it's the same deal btw, you either import it or switch of the verification.
That's the only thing I can think off but you state you already verified that...weird. Any chance to take a peek at the site's certificate or is it private? If you haven't changed anything it's almost certainly that something happened to the SSL certificate.
Try These two options in curl
CURLOPT_SSL_VERIFYPEER, FALSE
CURLOPT_SSL_VERIFYHOST, 2