[英]how to fix SSL certificate verification failure
I use PHPMailer, along with Apache and PHP, locally.我在本地使用 PHPMailer,以及 Apache 和 PHP。 When I test my SSL config and my cacerts I get
当我测试我的 SSL 配置和我的 cacerts 时,我得到
default_cert_file = C:\Program Files\Common Files\SSL/cert.pem
default_cert_file_env = SSL_CERT_FILE
default_cert_dir = C:\Program Files\Common Files\SSL/certs
default_cert_dir_env = SSL_CERT_DIR
default_private_dir = C:\Program Files\Common Files\SSL/private
default_default_cert_area = C:\Program Files\Common Files\SSL
ini_cafile =
ini_capath =
and then, I do然后,我做
var_dump(fsockopen("smtp.gmail.com", 465, $errno, $errstr, 3.0));
var_dump($errno);
var_dump($errstr);
and I get我得到
fsockopen resource(2) of type (stream) int(0) string(0) ""
In my php.ini
I have curl.cainfo = C:/php/cacert.pem
in the curl
part and it works.在我的
php.ini
中, curl
部分有curl.cainfo = C:/php/cacert.pem
并且它可以工作。
But when I try to use PHPMailer to send a mail from localhost, I keep getting但是当我尝试使用 PHPMailer 从本地主机发送邮件时,我不断收到
SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Failed to enable crypto
unable to connect to ssl://smtp.gmail.com:465 (Unknown error)
I also went to the account used in the SMTP, in https://accounts.google.com/DisplayUnlockCaptcha
and enable it.我还访问了 SMTP 中使用的帐户,在
https://accounts.google.com/DisplayUnlockCaptcha
启用它。 And to https://myaccount.google.com/lesssecureapps?pli=1
and enabled less secured apps.并访问
https://myaccount.google.com/lesssecureapps?pli=1
并启用安全性较低的应用程序。 I guess this is an SSL error and not a PHPMailer.我想这是一个 SSL 错误而不是一个 PHPMailer。 Frankly, I am confused dont know how to fix it.
坦率地说,我很困惑不知道如何解决它。 Excuse my ignorance, any help on whats is going wrong and how to fix it , would be great.
请原谅我的无知,任何关于出了什么问题以及如何解决它的帮助都会很棒。
PS, this my php file that sends the mail. PS,这是我发送邮件的php文件。 Thank you
谢谢
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require 'C:/php/PHPMailer/src/Exception.php';
require 'C:/php/PHPMailer/src/PHPMailer.php';
require 'C:/php/PHPMailer/src/SMTP.php';
$mail = new PHPMailer(true);
try {
$mail->SMTPDebug = 3;
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = 'slevin@gmail.com';
$mail->Password = 'secret';
$mail->SMTPSecure = 'ssl';
$mail->Port = 465;
//Recipients
$mail->setFrom('slevin@gmail.com');
$mail->addAddress('jacob@gmail.com');
//Content
$mail->isHTML(true);
$mail->Subject = 'subject';
$mail->Body = 'HTML message body <b>in bold!</b>';
$mail->AltBody = 'body in plain text';
$mail->send();
echo 'Message has been sent';
} catch (Exception $e) {
echo 'Message could not be sent.';
echo 'Mailer Error: ' . $mail->ErrorInfo;
}
?>
Update更新
When I try with $mail->SMTPSecure = 'ssl';
当我尝试
$mail->SMTPSecure = 'ssl';
and $mail->Port = 465;
和
$mail->Port = 465;
I get我得到
2017-10-01 13:04:25 Connection: opening to ssl://smtp.gmail.com:465, timeout=300, options=array()
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): unable to connect to ssl://smtp.gmail.com:465 (Unknown error) [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 SMTP ERROR: Failed to connect to server: (0)
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Message could not be sent.Mailer Error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
When I try with $mail->SMTPSecure = 'tls';
当我尝试
$mail->SMTPSecure = 'tls';
and $mail->Port = 587;
和
$mail->Port = 587;
I get我得到
2017-10-01 13:07:20 Connection: opening to smtp.gmail.com:587, timeout=300, options=array()
2017-10-01 13:07:21 Connection: opened
2017-10-01 13:07:21 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP l4sm5217189wrb.74 - gsmtp
2017-10-01 13:07:21 CLIENT -> SERVER: EHLO localhost
2017-10-01 13:07:21 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.75.196.114]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250 SMTPUTF8
2017-10-01 13:07:21 CLIENT -> SERVER: STARTTLS
2017-10-01 13:07:21 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2017-10-01 13:07:21 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 403]
SMTP Error: Could not connect to SMTP host.
2017-10-01 13:07:21 CLIENT -> SERVER: QUIT
2017-10-01 13:07:21 SERVER -> CLIENT:
2017-10-01 13:07:21 SMTP ERROR: QUIT command failed:
2017-10-01 13:07:21 Connection: closed
SMTP Error: Could not connect to SMTP host.
Message could not be sent.Mailer Error: SMTP Error: Could not connect to SMTP host.
Just had the same error message, maybe you've got the same issue:刚刚收到相同的错误消息,也许您遇到了同样的问题:
stream_context_create
and stream_socket_client
stream_context_create
和stream_socket_client
运行相同的请求Testing the same domain through cURL returned:通过 cURL 测试同一个域返回:
curl: (60) SSL certificate problem: certificate is not yet valid
Turns out my virtual machine in which I've run both PHP and cURL had 11 days of error (december 11th instead of december 22th).事实证明,我在其中运行 PHP 和 cURL 的虚拟机出现了 11 天的错误(12 月 11 日而不是 12 月 22 日)。
By fixing the computer/virtual machine's date (using ntp
, ntpdate-debian
or the like), the certificate test now runs fine, in both cURL command-line or PHP.通过修复计算机/虚拟机的日期(使用
ntp
、 ntpdate-debian
等),证书测试现在可以在 cURL 命令行或 PHP 中正常运行。
I encountered this on a new Windows IIS server recently.我最近在一个新的 Windows IIS 服务器上遇到了这个问题。 The cURL call was to my own domain from a batch script, both of which are running on the same server.
cURL 调用是从批处理脚本到我自己的域的,这两个脚本都在同一台服务器上运行。
I'd added我加了
127.0.0.1 mydomain.com
to the hosts file, and I'd forgotten to remove it when I changed the public DNS.到主机文件,我在更改公共 DNS 时忘记删除它。
The server is behind Cloudflare, so my cURL was getting a CF origin certificate and not the real one certificate served by Cloudflare.服务器在 Cloudflare 后面,所以我的 cURL 获得的是 CF 原始证书,而不是 Cloudflare 提供的真实证书。
Removing the hosts entry cleared the problem.删除主机条目清除了问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.