Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
0 votes
565 views
in Q2A Core by

I configured the site and it worked fine on version PHP 5.5

Mail was sent and recaptcha worked.

Send email via SMTP instead of local mail

SMTP server port 465

Send SMTP username and password

Then I changed the server version to PHP 5.6 and everything broke. 

Recaptcha does not work:

PHP Warning:  file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in .../qa-plugin/recaptcha-captcha/recaptchalib.php on line 128

PHP Warning:  file_get_contents(): Failed to enable crypto in .../qa-plugin/recaptcha-captcha/recaptchalib.php on line 128

PHP Warning:  file_get_contents(https://www.google.com/recaptcha/api/siteverify?secret=...&response=...

And the mail does not send:

PHP Question2Answer email send error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

Then I changed the server version back to PHP 5.5 and everything started working again.

For other sites I need to upgrade the server version to 7, I think everything will break again.

How to solve a problem?

Q2A version: 1.8.5
by
+2
Have you checked if SSL is working outside Q2A? Otherwise there should not be any problem?
by
SLL is Working. PHPMailler v.5.2.28 error:


Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

1 Answer

0 votes
by
selected by
 
Best answer

I have partially solved these problems

For re-captcha add function in class ReCaptchaGetRequestMethod:

  /qa-plugin/recaptcha-captcha/recaptchalib.php

private function file_get_contents_curl( $url ) {

      $ch = curl_init();

      curl_setopt( $ch, CURLOPT_AUTOREFERER, TRUE );

      curl_setopt( $ch, CURLOPT_HEADER, 0 );

      curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );

      curl_setopt( $ch, CURLOPT_URL, $url );

      curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, TRUE );

      $data = curl_exec( $ch );

      curl_close( $ch );

     return $data;

    }

And replace file_get_contents -> file_get_contents_curl

https://qna.habr.com/q/339897

For email Forcefully allowed insecure connections via the SMTPOptions

/qa-include/app/emails.php

https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#certificate-verification-failure

    $mailer->SMTPOptions = array(

    'ssl' => array(

      'verify_peer' => false,

      'verify_peer_name' => false,

      'allow_self_signed' => true,

      )

    );

Later I solved this problem correctly. 

I wrote to server support and they renewed the certificate (file: ca-root-nss.crt). And also registered the paths to it in the php.ini file. Both mail and recaptcha started working as usual.

Directive Local Value Master Value
openssl.cafile /usr/local/share/certs/ca-root-nss.crt /usr/local/share/certs/ca-root-nss.crt
openssl.capath /usr/local/share/certs /usr/local/share/certs
by
+1
That's not a good solution as most likely email will go to spam I guess. You'll need to make ssl work by getting a valid certificate. Letsencrypt gives you free SSL certificate.
by
You're right, it was a bad decision.
...