Skip to Content Skip to Menu

[SOLVED] [#6453] AntiSpam - recaptcha - cURL error 60: SSL certificate problem unable to get loca

  • krileon
  • krileon
  • OFFLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
7 years 10 months ago #290379 by krileon
Replied by krileon on topic reCaptcha Errors on 2 websites
I'm unable to confirm this issue so far. Please provide what PHP version each of you are using as some PHP 7.1 compatibility changes were made. There was a security fix added to Guzzle as well noted below.

www.joomlapolis.com/news/18719-security-statement-cb-2-1-1

Those are the only 3 changes made to Guzzle with 2.1.1 (security fix, PHP 7.1 compatibility fix, and updated fallback cert).

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • OFFLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
7 years 10 months ago - 7 years 10 months ago #290381 by krileon
Replied by krileon on topic reCaptcha Errors on 2 websites
Please download the latest cert below.

curl.haxx.se/ca/cacert.pem

Once done upload it to the below location.

/libraries/CBLib/GuzzleHttp

Override the current cacert.pem with latest then see if issue persists. This will help confirm if there's something wrong with the cert. If that doesn't work try disabling the bundled cert usage entirely with the below changes.

IN: libraries/CBLib/GuzzleHttp/Client.php
ON: Line 247
FROM:
Code:
'verify' => __DIR__ . '/cacert.pem'
TO:
Code:
'verify' => true
ON: Lines 250 - 256
REMOVE:
Code:
// Use the bundled cacert if it is a regular file, or set to true if // using a phar file (because curL and the stream wrapper can't read // cacerts from the phar stream wrapper). Favor the ini setting over // the system's cacert. if (substr(__FILE__, 0, 7) == 'phar://') { $settings['verify'] = ini_get('openssl.cafile') ?: true; }

Note setting verify to false will stop this, but it shuts off SSL verification which is not what we want. We want to know why cert verification is suddenly broken.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 7 years 10 months ago by krileon.
The following user(s) said Thank You: mikerotec

Please Log in or Create an account to join the conversation.

  • mikerotec
  • mikerotec
  • OFFLINE
  • Posts: 346
  • Thanks: 28
  • Karma: 2
7 years 10 months ago #290411 by mikerotec
Replied by mikerotec on topic reCaptcha Errors on 2 websites
Tried the new cert, same error
Code:
Captcha : cURL error 60: SSL certificate problem: unable to get local issuer certificate

will try the edits next...

Please Log in or Create an account to join the conversation.

  • mikerotec
  • mikerotec
  • OFFLINE
  • Posts: 346
  • Thanks: 28
  • Karma: 2
7 years 10 months ago - 7 years 10 months ago #290412 by mikerotec
Replied by mikerotec on topic reCaptcha Errors on 2 websites
OK, making the edits to Client.php has indeed restored functionality to the registration page.

"Sign Up Complete!"

PS: running PHP Version 5.6.29, OpenSSL support enabled
Last edit: 7 years 10 months ago by mikerotec.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • OFFLINE
  • Posts: 48541
  • Thanks: 8290
  • Karma: 1445
7 years 10 months ago #290417 by krileon
Replied by krileon on topic reCaptcha Errors on 2 websites
Great, so removing the bundled cert usage fixed it for you. Does that also work for anyone else? We looked into this further and Google is using a root cert that Mozilla removed and is why this is happening.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • beat
  • beat
  • ONLINE
  • Posts: 2169
  • Thanks: 463
  • Karma: 352
7 years 10 months ago #290420 by beat
Replied by beat on topic reCaptcha Errors on 2 websites
Hi mikerotec,
Hi cpaschen,
Hi bizguy,

Despite spending hours, I'm still not able to reproduce the issue you have, and Kyle too hasn't been able to reproduce.

Would it be possible to have access to a joomla TEST-site on the same server to investigate this further ? I would install CB and CB antispam and do various tests and install test-versions until we find the issue and fix it.

I just need one with Super-Admin access to install different fixes to test (FTP too would make life easier, but not needed) ?

If yes, maybe just reply here first that you have sent me by PM the access (Private-Messaging (PM) link in my signature below), so the others don't need to set that up. I would like to do the testing tomorrow so that we can release a fix quickly. Many thanks.
Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum