Skip to Content Skip to Menu

[SOLVED] [#6453] AntiSpam - recaptcha - cURL error 60: SSL certificate problem unable to get loca

  • krileon
  • krileon
  • OFFLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
7 years 10 months ago - 7 years 10 months ago #290450 by krileon
Replied by krileon on topic reCaptcha Errors on 2 websites

If I upgrade just CB to 2.1.1 and antispam plugin is still at old version I now get this cURL SSL error?

The latest release is 2.1.1+build.2017.01.20.01.24.41.b5adb972f. Please ensure that's what you tested. We need exact version numbers.

Appear to be a change to CB core??

We updated the bundled cert and made a security fix. We're not sure exactly what's causing this and is why we need everyone who has this issue to perform the tests as requested in Beats reply below.

www.joomlapolis.com/forum/153-professional-member-support/235810-error-captcha-curl-error-60-ssl-certificate-problem-unable-to-get-local?start=12#290426

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 7 years 10 months ago by krileon.

Please Log in or Create an account to join the conversation.

  • mikerotec
  • mikerotec
  • OFFLINE
  • Posts: 346
  • Thanks: 28
  • Karma: 2
7 years 10 months ago #290480 by mikerotec
Replied by mikerotec on topic AntiSpam - recaptcha - cURL error 60: SSL certificate problem unable to get loca
Centos6, PHP 5.6.29, Joomla 3.6.5

Tried installing nightly build 2.1.1+build.2017.01.20.01.24.41.b5adb972f

Installation is OK.

But for this problem, no joy!
Code:
Captcha : cURL error 60: SSL certificate problem: unable to get local issuer certificate

going to try the cert patch next...

Please Log in or Create an account to join the conversation.

  • mikerotec
  • mikerotec
  • OFFLINE
  • Posts: 346
  • Thanks: 28
  • Karma: 2
7 years 10 months ago - 7 years 10 months ago #290482 by mikerotec
Replied by mikerotec on topic AntiSpam - recaptcha - cURL error 60: SSL certificate problem unable to get loca
OK!

Centos6, PHP 5.6.29, Joomla 3.6.5

Installed nightly build 2.1.1+build.2017.01.20.01.24.41.b5adb972f (did not fix).

THEN installed the old cert from 2.1.0+2016.12.18.16.28.40.cb77dc626.zip
( incidentally, it's quite deeply buried inside the download package, the actual path to tunnel through to the file was

\extensions\packages\001_pkg_communitybuilder_2.1.0+2016.12.18.16.28.40.cb77dc626.zip\packages\lib_CBLib.zip\GuzzleHttp\ )

Anyway, SUCCESS! :woohoo:

Installing the old cert ( Certificate data from Mozilla as of: Tue Apr 22 08:29:31 2014 ) over top of the latest nightly build has FIXED the issue, I can register again.

I hope this assists you in the troubleshooting...
Last edit: 7 years 10 months ago by mikerotec.

Please Log in or Create an account to join the conversation.

  • beat
  • beat
  • ONLINE
  • Posts: 2169
  • Thanks: 463
  • Karma: 352
7 years 10 months ago - 7 years 10 months ago #290497 by beat
Replied by beat on topic [SOLVED] [#6453] reCaptcha Errors on 2 websites
Thanks, that helped.

Looks like the google.com SSL chain is not top-notch (no A+ grade) according to ssllabs: www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=216.58.192.4&hideResults=on and to Mozilla.

And the latest Mozilla cacert file has removed SHA1-signed certs, making google.com not validated, which made ReCaptcha fail.

We have thus released Community Builder 2.1.2 which reverts the cacert.pem file to the version of 2.1.0, and which contains the root certificate currently used by Google.com.

Sorry for the mishap, it was my fault to update the certs file to latest Mozilla version. I tested the upgrade and it worked on our Ubuntu test-servers, where openssl also uses the OS-included certificates. I couldn't believe latest Mozilla didn't validate that small barely-known google.com site...

#6453
Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Last edit: 7 years 10 months ago by beat.
The following user(s) said Thank You: nant, krileon, mikerotec

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum