Cannot connect to GMail SMTP (PHPMailer) - Certificate Verify Failed
Question
Very recently encountered this error when trying to send mail via SMTP and GMail.
Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in C:\xampp\htdocs\portal\libraries\php_mailer\class.smtp.php on line 343
2017-12-05 09:48:03 SMTP Error: Could not connect to SMTP host.
2017-12-05 09:48:03 CLIENT -> SERVER: QUIT
2017-12-05 09:48:03 SMTP ERROR: QUIT command failed:
Server address is https://gg-portal.com , and SSL configuration seems correct (verified through online checkers).
PHPMailer code is...
$mail = new PHPMailer();
$mail->isSMTP();
$mail->Host = "smtp.gmail.com";
$mail->SMTPAuth = true;
$mail->Username = $this->_config["EmailUser"];
$mail->Password = $this->_config["EmailPass"];
$mail->SMTPSecure = "tls";
$mail->SMTPDebug = 1;
$mail->Port = 587;
$mail->FromName = $this->_config["Brand"];
$mail->From = $this->_config["EmailFrom"];
$mail->AddCC("...emailAddress...");
$mail->Subject = "...subject...";
$mail->Body = "...content...";
$mail->IsHTML(true);
$mail->WordWrap = 50;
if(!$mail->Send()) {
echo ' Message was not sent.';
echo 'Mailer error: ' . $mail->ErrorInfo;
}
Have looked at the documentation which suggests certificate issues, though as stated SSL setup seems fine. Have looked into the issue elsewhere and most popular suggestions is to bypass the SSL (which works) however I'd prefer not to do this.
'context' => [
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
]
]
1 answers
solution1
5 ACCPTED 2017-12-08 01:30:12
FIXED ISSUE FOR ME I fixed this issue in my windows php environment by downloading an updated root certificates file and pointing my php.ini file to it. It seems the problem was not with gmail's cert but rather with an outdated root certificate file due to windows server 2012 no longer updating this file automatically. Download cacert.pem from here: https://curl.haxx.se/docs/caextract.html . Then in php.ini use following line to point to it (assuming you have openssl.dll installed).
openssl.cafile={Path to the file on your server}\\cacert.pem.
That fixed it and I no longer needed to bypass SSL/TLS verification like suggested. Ultimately I need to get windows to update root certs automatically using GPO or WSUS. see https://serverfault.com/questions/541922/where-to-get-root-ca-certificates-for-windows-server-now-that-microsoft-no-longe
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.