SSL Not detected error

[Vs Nu]

In client portal the SSL Icon shows Red (No SSL Detected) but SSL was working on that domain name 

 

I had checked in system status that i have an CURL Version error as below :

You currently have version 7.29.0 of cURL installed. This version is known to have security issues. Please update to the latest cURL and ensure it is greater than 7.35.0.

i was using Plesk linux but there is no update available on Plesk Linux for CURL

How to solve this case ?

[yggdrasil]

What WHMCS version are you running? With Plesk Linux, do you mean CentOS? Because Plesk is a control panel not a Linux distribution.

[Vs Nu]

11 minutes ago, yggdrasil said:

What WHMCS version are you running? With Plesk Linux, do you mean CentOS? Because Plesk is a control panel not a Linux distribution.

Im using latest version of WHMCS

 

Plesk with Centos 7 64 Bit

[yggdrasil]

What result do you get when running this from the command line in your Linux server:

curl -v https://domain-you-are-testing-here.com

[Vs Nu]

5 minutes ago, yggdrasil said:

What result do you get when running this from the command line in your Linux server:

curl -v https://domain-you-are-testing-here.com

curl -v https://domain.com
* About to connect() to domain.com port 443 (#0)
*   Trying x.x.x.x...
* Connected to domain.com (x.x.x.x) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=*.domain.com
*       start date: Feb 24 03:00:51 2021 GMT
*       expire date: May 25 03:00:51 2021 GMT
*       common name: *.domain.com
*       issuer: CN=R3,O=Let's Encrypt,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: domain.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Type: text/html; charset=UTF-8
< Link: <https://domain.com/wp-json/>; rel="https://api.w.org/"
< Transfer-Encoding: chunked
< Date: Thu, 01 Apr 2021 15:57:46 GMT
< Vary: User-Agent
< Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
<
<!DOCTYPE html>
 

 

I had replaced the domain and ip for privacy !

[steven99]

In php.ini, ensure that curl.cainfo and openssl.cafile point to the certificate authority roots.  In that curl command, it gave that as /etc/pki/tls/certs/ca-bundle.crt .  

[Vs Nu]

7 hours ago, steven99 said:

In php.ini, ensure that curl.cainfo and openssl.cafile point to the certificate authority roots.  In that curl command, it gave that as /etc/pki/tls/certs/ca-bundle.crt .  

Can you please explain more on where to check in php.ini file 

[Vs Nu]

7 hours ago, steven99 said:

In php.ini, ensure that curl.cainfo and openssl.cafile point to the certificate authority roots.  In that curl command, it gave that as /etc/pki/tls/certs/ca-bundle.crt .  

In php.ini it was like

;curl.cainfo =

;openssl.cafile=

 

What details i need to enter over it ?

[yggdrasil]

2 hours ago, Vs Nu said:

In php.ini it was like

;curl.cainfo =

;openssl.cafile=

 

What details i need to enter over it ?

I would advise you to contact your server administrator or hosting company as this is not really related to WHMCS but configuration on your server software, something your system admin will be able to do in 3 minutes.

As Steven99 said, you need to put the path to the certificate authority. Or you can look into PHP's documentation for more information:

PHP: Runtime Configuration - Manual

[steven99]

Would agree with @yggdrasil on getting a system admin to do it.  Just to be clear, those should be:

curl.cainfo = /etc/pki/tls/certs/ca-bundle.crt

openssl.cafile= /etc/pki/tls/certs/ca-bundle.crt

(without the ";" in front)

[Vs Nu]

3 hours ago, steven99 said:

Would agree with @yggdrasil on getting a system admin to do it.  Just to be clear, those should be:

curl.cainfo = /etc/pki/tls/certs/ca-bundle.crt

openssl.cafile= /etc/pki/tls/certs/ca-bundle.crt

(without the ";" in front)

I had updated as per your advice on php.ini file

 

* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 

 

But still it shows the same error on WHMCS 

[yggdrasil]

57 minutes ago, Vs Nu said:

I had updated as per your advice on php.ini file

 

* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 

 

But still it shows the same error on WHMCS 

Did you restart the service?

[Vs Nu]

46 minutes ago, yggdrasil said:

Did you restart the service?

I had restarted the apache and it was reflected in PHPInfo page

Even i had run cron.php do --Sslsync job

[yggdrasil]

The problem is not actually related to that. It's your CURL version.

curl 7.29.0 is the default version that comes with CentOS 7.

That version does not work with the WHMCS SSL checker. You need to upgrade your CURL version to at least 7.7x for it to work.

Edited April 3, 2021 by yggdrasil

[Vs Nu]

1 minute ago, yggdrasil said:

The problem is not actually related to that. It's your CURL version.

curl 7.29.0 is the default version that comes with CentOS 7.

That version does not work with the WHMCS SSL checker. You need to upgrade your CURL version to at least 7.7x for it to work.

Do you have any guide on how to upgrade it ?

 

as yum update curl does not have any update on plesk centos

[yggdrasil]

11 minutes ago, Vs Nu said:

Do you have any guide on how to upgrade it ?

 

as yum update curl does not have any update on plesk centos

There is no official guide because you will need to use a third party repo. This can be a security risk if you don't trust that repository or person that build it. Also take into account that now by replacing the official CURL version, you will not get updates for that package  which means you might need to update it manually from now on. On CentOS this might also cause problems and conflicts with other things because now you have a different CURL version over the default in the operating system which some softwares expect.

In the end you have to decide how much you want this WHMCS checker feature because you are altering RPM's in your operating system to get this to work. I saw more than one person corrupting their server or not being able to upgrade and ending up with mismatch on packages because they install third party repositories without knowing what they are doing. You could start to get dependencies errors.

If you still want to go that route, you just need to search upgrade curl on CentOS 7, if you are on Plesk there is even instructions in their forums. Just take into account the package does not come from CentOS and is not officially supported.

This is also why Plesk does not give you official instructions either. Its not a great idea to modify default operating systems. Installing third party repos is ok if the package does not exist. This is also why WHMCS tells you that CURL version is old and has security problems which is false and incorrect as CentOS comes from Red Hat and they backport the security updates to their shipped packages. Neither PHP 5 or CURL on CentOS 7 is insecure as they have the patches applied as long as you are using yum with the official repository. But when you replace the standard packages, you know to depend on the third party repository to keep those packages updates with security fixes.

Yum on CentOS will not update your CURL version because that version is the latest supported version by your operating system. There is no newer version officially for CentOS 7.

Here is one link for Plesk:

Update curl and OpenSSL modules | Plesk community

Edited April 3, 2021 by yggdrasil