如何修复 SSL 证书验证失败

Question

I use PHPMailer, along with Apache and PHP, locally. When I test my SSL config and my cacerts I get

default_cert_file = C:\Program Files\Common Files\SSL/cert.pem
default_cert_file_env = SSL_CERT_FILE
default_cert_dir = C:\Program Files\Common Files\SSL/certs
default_cert_dir_env = SSL_CERT_DIR
default_private_dir = C:\Program Files\Common Files\SSL/private
default_default_cert_area = C:\Program Files\Common Files\SSL
ini_cafile = 
ini_capath = 

and then, I do

 var_dump(fsockopen("smtp.gmail.com", 465, $errno, $errstr, 3.0));
 var_dump($errno);
 var_dump($errstr);

and I get

fsockopen resource(2) of type (stream) int(0) string(0) "" 

In my php.ini I have curl.cainfo = C:/php/cacert.pem in the curl part and it works.

But when I try to use PHPMailer to send a mail from localhost, I keep getting

SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed 
Failed to enable crypto
unable to connect to ssl://smtp.gmail.com:465 (Unknown error)

I also went to the account used in the SMTP, in https://accounts.google.com/DisplayUnlockCaptcha and enable it. And to https://myaccount.google.com/lesssecureapps?pli=1 and enabled less secured apps. I guess this is an SSL error and not a PHPMailer. Frankly, I am confused dont know how to fix it. Excuse my ignorance, any help on whats is going wrong and how to fix it , would be great.

PS, this my php file that sends the mail. Thank you

<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;    
require 'C:/php/PHPMailer/src/Exception.php';
require 'C:/php/PHPMailer/src/PHPMailer.php';
require 'C:/php/PHPMailer/src/SMTP.php';

$mail = new PHPMailer(true);                             
try {

    $mail->SMTPDebug = 3;
    $mail->isSMTP();                                      
    $mail->Host = 'smtp.gmail.com'; 
    $mail->SMTPAuth = true;                               
    $mail->Username = 'slevin@gmail.com';                 
    $mail->Password = 'secret';                           
    $mail->SMTPSecure = 'ssl';                            
    $mail->Port = 465;                                    

    //Recipients
    $mail->setFrom('slevin@gmail.com');
    $mail->addAddress('jacob@gmail.com');     


    //Content
    $mail->isHTML(true);                                 
    $mail->Subject = 'subject';
    $mail->Body    = 'HTML message body <b>in bold!</b>';
    $mail->AltBody = 'body in plain text';

    $mail->send();
    echo 'Message has been sent';
} catch (Exception $e) {
    echo 'Message could not be sent.';
    echo 'Mailer Error: ' . $mail->ErrorInfo;
}            
?>

Update

When I try with $mail->SMTPSecure = 'ssl'; and $mail->Port = 465; I get

2017-10-01 13:04:25 Connection: opening to ssl://smtp.gmail.com:465, timeout=300, options=array()
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): unable to connect to ssl://smtp.gmail.com:465 (Unknown error) [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 SMTP ERROR: Failed to connect to server: (0)
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Message could not be sent.Mailer Error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

When I try with $mail->SMTPSecure = 'tls'; and $mail->Port = 587; I get

2017-10-01 13:07:20 Connection: opening to smtp.gmail.com:587, timeout=300, options=array()
2017-10-01 13:07:21 Connection: opened
2017-10-01 13:07:21 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP l4sm5217189wrb.74 - gsmtp
2017-10-01 13:07:21 CLIENT -> SERVER: EHLO localhost
2017-10-01 13:07:21 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.75.196.114]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250 SMTPUTF8
2017-10-01 13:07:21 CLIENT -> SERVER: STARTTLS
2017-10-01 13:07:21 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2017-10-01 13:07:21 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 403]
SMTP Error: Could not connect to SMTP host.
2017-10-01 13:07:21 CLIENT -> SERVER: QUIT
2017-10-01 13:07:21 SERVER -> CLIENT: 
2017-10-01 13:07:21 SMTP ERROR: QUIT command failed: 
2017-10-01 13:07:21 Connection: closed
SMTP Error: Could not connect to SMTP host.
Message could not be sent.Mailer Error: SMTP Error: Could not connect to SMTP host.

Answer 1

Just had the same error message, maybe you've got the same issue:

• my certificate is good (I can go to the HTTPS domain without any issue)
• can't run the same request through PHP's stream_context_create and stream_socket_client
• I want SSL certificate to be checked

Testing the same domain through cURL returned:

curl: (60) SSL certificate problem: certificate is not yet valid

Turns out my virtual machine in which I've run both PHP and cURL had 11 days of error (december 11th instead of december 22th).

By fixing the computer/virtual machine's date (using ntp , ntpdate-debian or the like), the certificate test now runs fine, in both cURL command-line or PHP.

Answer 2

I encountered this on a new Windows IIS server recently. The cURL call was to my own domain from a batch script, both of which are running on the same server.

I'd added

127.0.0.1  mydomain.com

to the hosts file, and I'd forgotten to remove it when I changed the public DNS.

The server is behind Cloudflare, so my cURL was getting a CF origin certificate and not the real one certificate served by Cloudflare.

Removing the hosts entry cleared the problem.