AWS SES certificate error

  • Resolved nikdow

    (@nikdow)


    4 years, 11 months ago

    Mailer: Amazon SES
    {“curl”:true,”code”:77,”message”:”error setting certificate verify locations:\n CAfile: \/etc\/ssl\/certs\/ca-certificates.crt\n CApath: \/etc\/ssl\/certs”}

    [email protected]:/etc/ssl/certs# ls ca-certificates.crt
    ca-certificates.crt

    This error goes away if I send a test email. The error is reported after sending a newsletter, which is sent using a plugin which we have written.
    All the newsletter emails are delivered OK.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Gregor Capuder

    (@capuderg)

    Hi,

    it looks like cURL on your server is misconfigured.

    Something is wrong with the certificate verify locations. I can see the file exists on your server, but maybe the permissions are not correct?

    Could you please execute ls -la ca-certificates.crt on your server in the /etc/ssl/certs/ directory and post the outcome here?

    Also you could try to execute a cURL command on your server to test if normal cURL commands work or also print out this error. Please run curl -v https://google.com and let me know if it outputs the same error.

    Have a nice day!

    Thread Starter nikdow

    (@nikdow)

    Hi, thanks for getting back to me. curl generally works OK, here are the tests:

    root@ip-172-31-12-147:/etc/ssl/certs# ls -la ca-certificates.crt
    -rw-r–r– 1 root root 233394 Mar 4 2019 ca-certificates.crt
    root@ip-172-31-12-147:/etc/ssl/certs#

    root@ip-172-31-12-147:/etc/ssl/certs# curl -v https://google.com
    * Rebuilt URL to: https://google.com/
    * Trying 172.217.167.78…
    * Connected to google.com (172.217.167.78) port 443 (#0)
    * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 596 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_ECDSA_AES_128_GCM_SHA256
    * server certificate verification OK
    * server certificate status verification SKIPPED
    * common name: *.google.com (matched)
    * server certificate expiration date OK
    * server certificate activation date OK
    * certificate public key: EC
    * certificate version: #3
    * subject: C=US,ST=California,L=Mountain View,O=Google LLC,CN=*.google.com
    * start date: Wed, 01 Apr 2020 12:58:27 GMT
    * expire date: Wed, 24 Jun 2020 12:58:27 GMT
    * issuer: C=US,O=Google Trust Services,CN=GTS CA 1O1
    * compression: NULL
    * ALPN, server accepted to use http/1.1
    > GET / HTTP/1.1
    > Host: google.com
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 301 Moved Permanently
    < Location: https://www.google.com/
    < Content-Type: text/html; charset=UTF-8
    < Date: Mon, 20 Apr 2020 12:11:45 GMT
    < Expires: Wed, 20 May 2020 12:11:45 GMT
    < Cache-Control: public, max-age=2592000
    < Server: gws
    < Content-Length: 220
    < X-XSS-Protection: 0
    < X-Frame-Options: SAMEORIGIN
    < Alt-Svc: quic=”:443″; ma=2592000; v=”46,43″,h3-Q050=”:443″; ma=2592000,h3-Q049=”:443″; ma=2592000,h3-Q048=”:443″; ma=2592000,h3-Q046=”:443″; ma=2592000,h3-Q043=”:443″; ma=2592000,h3-T050=”:443″; ma=2592000
    <
    <HTML><HEAD><meta http-equiv=”content-type” content=”text/html;charset=utf-8″>
    <TITLE>301 Moved</TITLE></HEAD><BODY>
    <H1>301 Moved</H1>
    The document has moved
    here.
    </BODY></HTML>
    * Connection #0 to host google.com left intact

    Plugin Author Gregor Capuder

    (@capuderg)

    Hi,

    hmmm… the output of both commands look OK.

    How are you sending the email from WP (you said you have a custom plugin sending out emails)? Would you be able to share the code part when you send the actual email?

    Take care!

    Thread Starter nikdow

    (@nikdow)

    Thanks for checking curl, good to have your confirmation we aren’t doing anything wrong there.
    I’ve put a tgz of the newsletter plugin at
    https://drive.google.com/open?id=1ZS_SEdkWB2h6rZIcK01ii7Yb0HfN7PJq
    Code to send each email is at otu-newsletter.php around lines 420 to 430.
    Note at line 418 we finish the request so the user isn’t waiting while we send out the emails.

    Also, screenshot of our wp-mail settings page is at
    https://drive.google.com/open?id=1ufIQ4-CxoZdp6erQ9Zz5PHH3b9zkTLdk

    Thanks for taking a look!

    Plugin Author Gregor Capuder

    (@capuderg)

    Hi,

    just a quick note: this support ticket is not private… Anyone can read, download these messages, so I would advise you to remove the plugin and the settings page screenshot.

    I’ll take a look at the plugin if I can spot something. The WP Mail SMTP plugin settings look OK.

    Take care!

    Plugin Author Gregor Capuder

    (@capuderg)

    Hi,

    I’ve looked at the plugin code, just the sending part (wp_mail) and looks OK.

    I couldn’t make your plugin work (to test it out in WP) since it has some other plugin dependencies, which I don’t have.

    So, you said this error appears only when this newsletter plugin is used to send emails? All other WP emails are sent without any issues? Like new WP user registration, any other plugin emails?

    If that is the case and only your plugin is causing these errors, you should try to debug your code. Maybe comment out these two lines before sending the email: 

    
fastcgi_finish_request();
session_write_close();

    Or change the email sending to sent a static prepared test email at the start of the “save” callback action.

    Take care!

    Thread Starter nikdow

    (@nikdow)

    Thanks, I will try those suggestions. Appreciate you taking a look,
    Regards,
    Nik.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘AWS SES certificate error’ is closed to new replies.