Jump to content

SSL Not detected error

Vs Nu

By Vs Nu
in Troubleshooting Issues

 Share

Recommended Posts

Vs Nu Member

Vs Nu

Posted
Posted

In client portal the SSL Icon shows Red (No SSL Detected) but SSL was working on that domain name 

 

I had checked in system status that i have an CURL Version error as below :

You currently have version 7.29.0 of cURL installed. This version is known to have security issues. Please update to the latest cURL and ensure it is greater than 7.35.0.

i was using Plesk linux but there is no update available on Plesk Linux for CURL

How to solve this case ?

0
Link to comment
Share on other sites
Vs Nu Member

Vs Nu

Posted
  • Author
Posted
11 minutes ago, yggdrasil said:

What WHMCS version are you running? With Plesk Linux, do you mean CentOS? Because Plesk is a control panel not a Linux distribution.

Im using latest version of WHMCS

 

Plesk with Centos 7 64 Bit

0
Link to comment
Share on other sites
Vs Nu Member

Vs Nu

Posted
  • Author
Posted
5 minutes ago, yggdrasil said:

What result do you get when running this from the command line in your Linux server: 


curl -v https://domain-you-are-testing-here.com

curl -v https://domain.com
* About to connect() to domain.com port 443 (#0)
*   Trying x.x.x.x...
* Connected to domain.com (x.x.x.x) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=*.domain.com
*       start date: Feb 24 03:00:51 2021 GMT
*       expire date: May 25 03:00:51 2021 GMT
*       common name: *.domain.com
*       issuer: CN=R3,O=Let's Encrypt,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: domain.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Type: text/html; charset=UTF-8
< Link: <https://domain.com/wp-json/>; rel="https://api.w.org/"
< Transfer-Encoding: chunked
< Date: Thu, 01 Apr 2021 15:57:46 GMT
< Vary: User-Agent
< Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
<
<!DOCTYPE html>
 

 

I had replaced the domain and ip for privacy !

0
Link to comment
Share on other sites
Vs Nu Member

Vs Nu

Posted
  • Author
Posted
7 hours ago, steven99 said:

In php.ini, ensure that curl.cainfo and openssl.cafile point to the certificate authority roots.  In that curl command, it gave that as /etc/pki/tls/certs/ca-bundle.crt .  

Can you please explain more on where to check in php.ini file 

0
Link to comment
Share on other sites
Vs Nu Member

Vs Nu

Posted
  • Author
Posted
7 hours ago, steven99 said:

In php.ini, ensure that curl.cainfo and openssl.cafile point to the certificate authority roots.  In that curl command, it gave that as /etc/pki/tls/certs/ca-bundle.crt .  

In php.ini it was like

;curl.cainfo =

;openssl.cafile=

 

What details i need to enter over it ?

0
Link to comment
Share on other sites
yggdrasil Senior Member

yggdrasil

Posted
Posted
2 hours ago, Vs Nu said:

In php.ini it was like

;curl.cainfo =

;openssl.cafile=

 

What details i need to enter over it ?

I would advise you to contact your server administrator or hosting company as this is not really related to WHMCS but configuration on your server software, something your system admin will be able to do in 3 minutes.

As Steven99 said, you need to put the path to the certificate authority. Or you can look into PHP's documentation for more information:

PHP: Runtime Configuration - Manual

0
Link to comment
Share on other sites
Vs Nu Member

Vs Nu

Posted
  • Author
Posted
3 hours ago, steven99 said:

Would agree with @yggdrasil on getting a system admin to do it.  Just to be clear, those should be:

curl.cainfo = /etc/pki/tls/certs/ca-bundle.crt

openssl.cafile= /etc/pki/tls/certs/ca-bundle.crt

(without the ";" in front)

I had updated as per your advice on php.ini file

 

* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 

 

But still it shows the same error on WHMCS 

0
Link to comment
Share on other sites
yggdrasil Senior Member

yggdrasil

Posted
Posted
57 minutes ago, Vs Nu said:

I had updated as per your advice on php.ini file

 

* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 

 

But still it shows the same error on WHMCS 

Did you restart the service?

0
Link to comment
Share on other sites
yggdrasil Senior Member

yggdrasil

Posted
Posted (edited)

The problem is not actually related to that. It's your CURL version.

curl 7.29.0 is the default version that comes with CentOS 7.

That version does not work with the WHMCS SSL checker. You need to upgrade your CURL version to at least 7.7x for it to work.

Edited by yggdrasil
0
Link to comment
Share on other sites
Vs Nu Member

Vs Nu

Posted
  • Author
Posted
1 minute ago, yggdrasil said:

The problem is not actually related to that. It's your CURL version.

curl 7.29.0 is the default version that comes with CentOS 7.

That version does not work with the WHMCS SSL checker. You need to upgrade your CURL version to at least 7.7x for it to work.

Do you have any guide on how to upgrade it ?

 

as yum update curl does not have any update on plesk centos

0
Link to comment
Share on other sites
yggdrasil Senior Member

yggdrasil

Posted
Posted (edited)
11 minutes ago, Vs Nu said:

Do you have any guide on how to upgrade it ?

 

as yum update curl does not have any update on plesk centos

There is no official guide because you will need to use a third party repo. This can be a security risk if you don't trust that repository or person that build it. Also take into account that now by replacing the official CURL version, you will not get updates for that package  which means you might need to update it manually from now on. On CentOS this might also cause problems and conflicts with other things because now you have a different CURL version over the default in the operating system which some softwares expect.

In the end you have to decide how much you want this WHMCS checker feature because you are altering RPM's in your operating system to get this to work. I saw more than one person corrupting their server or not being able to upgrade and ending up with mismatch on packages because they install third party repositories without knowing what they are doing. You could start to get dependencies errors.

If you still want to go that route, you just need to search upgrade curl on CentOS 7, if you are on Plesk there is even instructions in their forums. Just take into account the package does not come from CentOS and is not officially supported.

This is also why Plesk does not give you official instructions either. Its not a great idea to modify default operating systems. Installing third party repos is ok if the package does not exist. This is also why WHMCS tells you that CURL version is old and has security problems which is false and incorrect as CentOS comes from Red Hat and they backport the security updates to their shipped packages. Neither PHP 5 or CURL on CentOS 7 is insecure as they have the patches applied as long as you are using yum with the official repository. But when you replace the standard packages, you know to depend on the third party repository to keep those packages updates with security fixes.

Yum on CentOS will not update your CURL version because that version is the latest supported version by your operating system. There is no newer version officially for CentOS 7.

Here is one link for Plesk:

Update curl and OpenSSL modules | Plesk community

Edited by yggdrasil
0
Link to comment
Share on other sites
  • 1 month later...
JesusSuarz Member

JesusSuarz

Posted
Posted
On 4/2/2021 at 8:01 PM, steven99 said:

Would agree with @yggdrasil on getting a system admin to do it.  Just to be clear, those should be:

curl.cainfo = /etc/pki/tls/certs/ca-bundle.crt

openssl.cafile= /etc/pki/tls/certs/ca-bundle.crt

(without the ";" in front)

 

this was the solution for me:

enable these options in my php.ini

curl.cainfo = /etc/pki/tls/certs/ca-bundle.crt
openssl.cafile = /etc/pki/tls/certs/ca-bundle.crt

exactly the same path. (Obviously the server must have a certificate issued for this to work).

furthermore i updated to curl 7.76.1 with the following.

1) create a new file /etc/yum.repos.d/city-fan.repo

2) Paste the following contents: 

[CityFan]
name=City Fan Repo
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0

3) type: 

yum clean all
yum install curl

4) And it's done.

at the end I have removed the repository to not receive new updates from any other package.

 

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept