Let's Encrypt works fine, only not with file_get_contents()

Discussion in 'Installation/Configuration' started by Jigal van Hemert, Jan 9, 2020.

  1. Jigal van Hemert (New Member)

    Some data:
    - ISPConfig Version: 3.1.15p2
    - Ubuntu 16.04 (up-to-date) (php 7.0.33-0ubuntu0.16.04.7)
    - Set up with the Perfect Server tutorial (thanks for that!)
    - site configuration:
    SuExec on, Own Error-Documents on, Auto-Subdomain www, SSL on, Let's Encrypt SSL on, PHP: Fast-CGI, PHP version default

    This works fine in browsers. There is a PHP script on the server that tries to access its own frontend using file_get_contents(). This produces some errors:
    Core: Error handler (BE): PHP Warning: file_get_contents(http://www.bordercollies.nl/index.php?id=71&L=0): failed to open stream: operation failed in /web/typo3conf/ext/solr/Classes/IndexQueue/PageIndexerRequest.php line 407
    Core: Error handler (BE): PHP Warning: file_get_contents(): Failed to enable crypto in /web/typo3conf/ext/solr/Classes/IndexQueue/PageIndexerRequest.php line 407
    Core: Error handler (BE): PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /web/typo3conf/ext/solr/Classes/IndexQueue/PageIndexerRequest.php line 407

    These errors are produced consistently with various URLs. If I request the same URLs with wget the contents are retrieved without errors.
    Next, verification with openssl:
    # openssl s_client -servername bordercollies.nl -connect bordercollies.nl:443 </dev/null
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify return:1
    depth=0 CN = bordercollies.nl
    verify return:1
    Certificate chain
    0 s:/CN=bordercollies.nl
    i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    Server certificate
    -----END CERTIFICATE-----
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    SSL handshake has read 3795 bytes and written 456 bytes
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 4096 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: ACBE3B84C3DF889D54[...]9EDCA649C560E6247EF7
    Master-Key: E653B6F7239041BE93[...]F5DF7D9FF09DFFC9CAF
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 6d b0 ea 67 66 72 aa 10-b8 d1 4e b7 05 9d 49 f1 m..gfr....N...I.
    00c0 - 6d 32 78 bc 65 38 2e 93-dd 49 89 bd f0 d0 83 12 m2x.e8...I......

    Start Time: 1578525021
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

    The Let's Encrypt certificate seems fine, but somehow PHP doesn't accept it. Is there something missing in the PHP configuration?

    Thanks for any ideas to solve this!

    Regards, Jigal.
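
An added diagnostic example, not part of the original post: it prints the CA locations this PHP build and SAPI will use for certificate verification, then performs a TLS handshake with verification left on, once with PHP's defaults and once with an explicit CA bundle. The warnings above name www.bordercollies.nl while the openssl check used bordercollies.nl, so pass the host name from the failing URL. Assumptions: the default host `www.example.org` is a placeholder, the bundle path is Ubuntu's `ca-certificates` default, and `probe()` is a hypothetical helper name.

```php
<?php
// Added diagnostic example; not code from the original post.
// Placeholder host: replace with the host name from the failing URL.
$host   = $argv[1] ?? 'www.example.org';
// Assumption: Ubuntu's bundle maintained by update-ca-certificates.
$bundle = $argv[2] ?? '/etc/ssl/certs/ca-certificates.crt';

// 1. Which php.ini and which CA locations does this SAPI use?
//    CLI and Fast-CGI can load different ini files, so run it under both.
echo "php.ini        = ", php_ini_loaded_file() ?: '(none)', "\n";
echo "openssl.cafile = '", ini_get('openssl.cafile'), "'\n";
echo "openssl.capath = '", ini_get('openssl.capath'), "'\n";
foreach (openssl_get_cert_locations() as $key => $value) {
    echo "  $key = $value\n";
}

// 2. Handshake with peer and host-name verification enabled.
function probe($label, $host, array $ssl)
{
    $ssl += [
        'verify_peer'       => true,   // never switched off here
        'verify_peer_name'  => true,
        'peer_name'         => $host,
        'capture_peer_cert' => true,
    ];
    $ctx = stream_context_create(['ssl' => $ssl]);
    $fp  = @stream_socket_client("ssl://$host:443", $errno, $errstr, 10,
                                 STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        $last = error_get_last();
        echo "$label: FAILED - ", $last['message'] ?? $errstr, "\n";
        return false;
    }
    $params = stream_context_get_params($fp);
    $cert   = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
    echo "$label: OK, CN=", $cert['subject']['CN'] ?? '(none)',
         ", SAN=", $cert['extensions']['subjectAltName'] ?? '(none)', "\n";
    fclose($fp);
    return true;
}

probe('PHP defaults   ', $host, []);
if (is_readable($bundle)) {
    probe('explicit cafile', $host, ['cafile' => $bundle]);
} else {
    echo "bundle not readable by this user: $bundle\n";
}
```

If the default probe fails while the explicit-bundle probe succeeds, the PHP process is not finding a usable trust store, and `openssl.cafile` in the php.ini reported in step 1 is the setting to check. If both fail, compare the SAN list of the certificate served for that host name with the name being requested.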
