Failed to request via WordPress: cURL error 60: SSL certificate problem
-
Hello,
Recently, I’m getting the following error messages when running the cron for Page Optimization manually (generate UCSS and WebP)
Failed to request via WordPress: cURL error 60: SSL certificate problem: certificate has expired [server] https://api.quic.cloud [service] d/usage
Failed to request via WordPress: cURL error 60: SSL certificate problem: certificate has expired [server] https://api.quic.cloud [service] d/nodes
When I tried to refresh the Domain Key it shows: Cloud Error: cURL error 60: SSL certificate problem: certificate has expired
My domain name is covered with a valid SSL certificate (please check the link below)
Report number: RSTHWWJY
Please advise, thanks!
The page I need help with: [log in to see the link]
-
Hi,
please create a php file at same dir as your wp-config.php with code
<?php require( './wp-load.php' ); $response = wp_remote_get( 'https://api.quic.cloud/' ); echo '<pre>'; var_dump($response); echo '</pre>';then access it by browser, see what it returns
Best regards,
Hi, thanks for your reply.
This is what it returns:
object(WP_Error)#2496 (2) { ["errors"]=> array(1) { ["http_request_failed"]=> array(1) { [0]=> string(63) "cURL error 60: SSL certificate problem: certificate has expired" } } ["error_data"]=> array(0) { } }How do I fix this?
Cheers!
Hi,
the issue is happened because of Let’s Encrypt CA cert has expired at end of Sept , 2021
so many sites (specially the ones who serve API that unlike the real browser does ) that using Let’s Encrypt cert has been affected
only way to fix is to ask your hosting provider to update the CA cert on their servers.
e.g.
yum update ca-certificatesfor CentOS 7reference: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Best regards,
Hello, Thanks for your reply.
Please find below the response from my hosting provider:
“The server is running with updated root certificates and the domains are not using Let’s Encrypt to begin with.
I have double-checked and the SSL certificate on the account is issued through a different authority (Comodo).
Our web servers are using Litespeed Web Server and LSCache but not QUIC.
QUIC https://quic.cloud/ requires additional configuration and licensing which we do not advertise and/or support.
This can be set up on a dedicated server but not through our shared/reseller plans I am afraid.”`
The strange thing is that other domains in my shared reseller hosting plan are working fine with Litespeed’s Page Optimization (generating WebP and minify CSS etc.)
What should/can I do next?
Cheers!
Hi,
please try this code https://www.litespeedshare.net/s/hensy–9
see what it returns , this one should give more extended info
from QC side , the cert is working properly now
https://www.ssllabs.com/ssltest/analyze.html?d=api.quic.cloud&hideResults=on
Best regards,
Hi,
The SSL certificate for my domain is issued through cPanel AutoSSL (Comodo) and it expires on January 3, 2022.
I’m not using Let’s Encrypt
Though I’m still getting the following error: Failed to request via WordPress: cURL error 60: SSL certificate problem: certificate has expired
Report number: RSTHWWJY
What could be the problem?
Thanks for your support
Hi,
our servers are using Let’s Encrypt
the API communication is 2-way communication
by that means , it requires both your site and our servers have a valid cert
the tricky thing here is that , one of the Let’s Encrypt CA cert was expired last week , and that , creates a problem for a lot of servers
our certs are valid and not expired , but the issue is the CA cert that validate the Let’s Encrypt has been expired and need to update
the previous code link was wrong , please grab that script and see what it returns
https://www.litespeedshare.net/snippet/?6e8e7fefee808f36#gBR926ypfq3qZnvF1vZ7yGjGfxyeDsj6LjvfwsqU1zS
Best regards,
Hi, thanks for your reply.
This is what it returns:
2021-Aug-20 2021-Nov-18 Let's Encrypt 43 days 89 days 1637227601 Array ( [name] => /CN=*.quic.cloud [subject] => Array ( [CN] => *.quic.cloud ) [hash] => 0bd07595 [issuer] => Array ( [C] => US [O] => Let's Encrypt [CN] => R3 ) [version] => 2 [serialNumber] => 0x03A30B92BD28107B66904446391DB54D711B [serialNumberHex] => 03A30B92BD28107B66904446391DB54D711B [validFrom] => 210820092642Z [validTo] => 211118092641Z [validFrom_time_t] => 1629451602 [validTo_time_t] => 1637227601 [signatureTypeSN] => RSA-SHA256 [signatureTypeLN] => sha256WithRSAEncryption [signatureTypeNID] => 668 [purposes] => Array ( [1] => Array ( [0] => 1 [1] => [2] => sslclient ) [2] => Array ( [0] => 1 [1] => [2] => sslserver ) [3] => Array ( [0] => 1 [1] => [2] => nssslserver ) [4] => Array ( [0] => [1] => [2] => smimesign ) [5] => Array ( [0] => [1] => [2] => smimeencrypt ) [6] => Array ( [0] => [1] => [2] => crlsign ) [7] => Array ( [0] => 1 [1] => 1 [2] => any ) [8] => Array ( [0] => 1 [1] => [2] => ocsphelper ) [9] => Array ( [0] => [1] => [2] => timestampsign ) ) [extensions] => Array ( [keyUsage] => Digital Signature, Key Encipherment [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication [basicConstraints] => CA:FALSE [subjectKeyIdentifier] => 83:7F:E1:C9:F8:8C:83:16:57:C3:E6:32:40:C4:40:14:92:DC:BB:11 [authorityKeyIdentifier] => keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 [authorityInfoAccess] => OCSP - URI:https://r3.o.lencr.org CA Issuers - URI:https://r3.i.lencr.org/ [subjectAltName] => DNS:*.dev.quic.cloud, DNS:*.monitor.quic.cloud, DNS:*.new.quic.cloud, DNS:*.ns.quic.cloud, DNS:*.old.quic.cloud, DNS:*.preview.quic.cloud, DNS:*.quic.cloud, DNS:quic.cloud [certificatePolicies] => Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: https://cps.letsencrypt.org [ct_precert_scts] => Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 44:94:65:2E:B0:EE:CE:AF:C4:40:07:D8:A8:FE:28:C0: DA:E6:82:BE:D8:CB:31:B5:3F:D3:33:96:B5:B6:81:A8 Timestamp : Aug 20 10:26:42.999 2021 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:1F:78:F4:74:DB:58:9C:E9:1F:27:64:A2:42: 92:AD:FD:16:84:29:55:D9:81:AD:BD:7B:C2:20:85:44: 46:90:A3:02:21:00:FF:64:96:D5:D4:5C:F2:B7:28:FA: 59:7E:65:FC:48:65:7F:C0:2E:A6:0C:63:55:D0:D3:4F: A6:7E:50:CE:34:62 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E: E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3 Timestamp : Aug 20 10:26:42.974 2021 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:6D:27:F2:E2:41:D1:4F:0D:B0:84:0B:6F: 53:81:C8:56:86:CC:8F:C5:A6:D4:79:10:0C:4B:3F:15: 45:16:34:8C:02:20:57:E0:20:CC:5B:7E:6A:A7:0C:6B: 26:AF:14:BB:E8:70:B6:57:87:55:42:A3:B8:D0:D3:85: 0B:32:61:62:14:25 ) )in previous code, line 76 , what if you change
api.quic.cloudtoletsencrypt.org, what does it return by then ?Ok, done, this is what it returns:
2021-Aug-06 2021-Nov-04 Let's Encrypt 29 days 89 days 1635987831 Array ( [name] => /CN=lencr.org [subject] => Array ( [CN] => lencr.org ) [hash] => 0abf0cc9 [issuer] => Array ( [C] => US [O] => Let's Encrypt [CN] => R3 ) [version] => 2 [serialNumber] => 0x04C7DFD804B953B98DF7BD408640EEB3AAF9 [serialNumberHex] => 04C7DFD804B953B98DF7BD408640EEB3AAF9 [validFrom] => 210806010353Z [validTo] => 211104010351Z [validFrom_time_t] => 1628211833 [validTo_time_t] => 1635987831 [signatureTypeSN] => RSA-SHA256 [signatureTypeLN] => sha256WithRSAEncryption [signatureTypeNID] => 668 [purposes] => Array ( [1] => Array ( [0] => 1 [1] => [2] => sslclient ) [2] => Array ( [0] => 1 [1] => [2] => sslserver ) [3] => Array ( [0] => [1] => [2] => nssslserver ) [4] => Array ( [0] => [1] => [2] => smimesign ) [5] => Array ( [0] => [1] => [2] => smimeencrypt ) [6] => Array ( [0] => [1] => [2] => crlsign ) [7] => Array ( [0] => 1 [1] => 1 [2] => any ) [8] => Array ( [0] => 1 [1] => [2] => ocsphelper ) [9] => Array ( [0] => [1] => [2] => timestampsign ) ) [extensions] => Array ( [keyUsage] => Digital Signature [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication [basicConstraints] => CA:FALSE [subjectKeyIdentifier] => 8C:EB:4E:2E:C1:C5:C0:7C:63:FA:E9:45:E5:61:5C:25:42:46:6D:36 [authorityKeyIdentifier] => keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6 [authorityInfoAccess] => OCSP - URI:https://r3.o.lencr.org CA Issuers - URI:https://r3.i.lencr.org/ [subjectAltName] => DNS:lencr.org, DNS:letsencrypt.com, DNS:letsencrypt.org, DNS:www.lencr.org, DNS:www.letsencrypt.com, DNS:www.letsencrypt.org [certificatePolicies] => Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: https://cps.letsencrypt.org [ct_precert_scts] => Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 44:94:65:2E:B0:EE:CE:AF:C4:40:07:D8:A8:FE:28:C0: DA:E6:82:BE:D8:CB:31:B5:3F:D3:33:96:B5:B6:81:A8 Timestamp : Aug 6 02:03:53.576 2021 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:21:00:84:25:35:77:6F:8E:1A:5D:B6:49:4B: 18:2A:90:AF:08:1A:E3:2E:28:84:02:5A:FA:AE:7C:B8: 7F:42:38:6F:15:02:20:47:35:3F:40:87:BD:39:7B:43: 55:A3:0A:1F:42:CB:58:4B:FD:C5:C9:A3:94:9D:47:6B: B7:DC:36:1A:63:2D:5A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89: 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7 Timestamp : Aug 6 02:03:53.607 2021 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:20:7A:11:B0:77:70:A4:95:3C:BC:74:9B: FB:09:AA:B4:59:5F:3E:E8:A0:D9:D6:CB:DD:FB:2A:21: 6C:CD:0C:C4:02:20:78:C2:7B:80:1A:C6:B2:79:8F:58: 65:DE:43:2D:C7:C4:0D:38:52:F8:DE:F5:29:9C:24:39: 0D:06:9E:B5:02:AA ) )my bad , wrong code
please try this
<?php require( './wp-load.php' ); $response = wp_remote_get( 'https://letsencrypt.org/' ); echo '<pre>'; var_dump($response); echo '</pre>';Here you go:
object(WP_Error)#2495 (2) { ["errors"]=> array(1) { ["http_request_failed"]=> array(1) { [0]=> string(63) "cURL error 60: SSL certificate problem: certificate has expired" } } ["error_data"]=> array(0) { } }Thanks!
Hi,
yes, please take the latest check/test/result to your hosting provider and kindly ask them for assist
it’s not about being using QC or not
the case here is :
whenever remote site is using a cert issued by Let’s Encrypt , that not only to our QC sites, but to any sites that uses Let’s Encrypt , will not be able to connect from your server/script due to CA cert issue
Best regards,
Hi,
A user reported a solution
download file
https://github.com/WordPress/WordPress/blob/master/wp-includes/certificates/ca-bundle.crt
make up and replace it into your
/wp-cinludes/certificates/ca-bundle.crtBest regards,
Updating WordPress also fixes this…
But why on earth is WordPress using its own ca bundle and not the systems or the ini option curl.cainfo? The WP_HTTP class should at least try the systems ca pack for a fallback if cert errors from its own pack.
- The topic ‘Failed to request via WordPress: cURL error 60: SSL certificate problem’ is closed to new replies.
