The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

curl not working over ssl - loopback error

Discussion in 'General Discussion' started by howdoi, Apr 7, 2016.

  1. howdoi

    howdoi Member

    Joined:
    Apr 7, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    been struggling with a loopback issue for a while now and finally decide that better minds than mine are needed to resolve.

    I have a working cURL on site within same server. Both sites are running on diedicated IP addresses. However, site running on comodo ssl does not work for curl and reports loop-back error. More explicitly, I get the following:
    140770FC:SSL
    SSL23_GET_SERVER_HELLO:unknown protocol

    additionally, multiple programs have all reported an issue with loopback for this one ip. However, not much more info has been given so unsure if it is a loopback issue or as the above error suggested a protocol issue. I did attempt to enable all protocols and nothing appears to make a difference on that front.

    Advice, what is next step? (or hopefully, someone has already confronted this issue and resolved and knows exactly how to fix :cool: )

    here is apache config to help ensure no issues with protocols
    • fileetag: None
    • keepalive: Off
    • keepalivetimeout: 5
    • maxclients: 150
    • maxkeepaliverequests: 100
    • maxrequestsperchild: 10000
    • maxspareservers: 10
    • minspareservers: 5
    • root_options: ExecCGI, FollowSymLinks, IncludesNOEXEC, Indexes, SymLinksIfOwnerMatch
    • serverlimit: 256
    • serversignature: Off
    • servertokens: ProductOnly
    • sslciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    • sslprotocol: All +TLSv1.2 -SSLv2 -SSLv3
    • startservers: 5
    • timeout: 300
    • traceenable: Off
     
  2. howdoi

    howdoi Member

    Joined:
    Apr 7, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    also, real cron through cpanel works for backups and other task, so not sure what exactly causes this issue but it seems pretty prevalent throughout the web without much clarity of the root issue. Hopefully, we can change that with this thread.
     
  3. massafiri

    massafiri Registered

    Joined:
    Apr 8, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    Have you checked EasyApache to make sure you have SSH cURL enabled?
     
  4. howdoi

    howdoi Member

    Joined:
    Apr 7, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Yes. SSHCURL has been configured in Easyapache3 and recompliled.

    I'm running cloudlinux on a VPS.
     
  5. howdoi

    howdoi Member

    Joined:
    Apr 7, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    additionally, the error response from several plugins is along the lines of this:

    Error #9038: Loopback test error: `SSL certificate problem: self signed certificate`. URL: `https://xxxxxxxx.com/wp-admin/admin-ajax.php`

    The issue that is confusing is that the SSL for this ip is not self-signed; its a comodo license. However, the SSL for server and root ip is self-signed. As the system cron is associated with the server itself, is this response normal? Or is it somehow crossing the two and causing the break? If so, how do I fix???
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Is the cron job associated with a specific application, or are you testing this with your own custom PHP scripts? The reason I ask is because I've seen this issue resolved in the past by users updating specific WordPress plugins.

    Thank you.
     
  7. howdoi

    howdoi Member

    Joined:
    Apr 7, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    following up. I think I resolved this issue. Not sure how exactly, but here's my assumption.

    Originally the site was not routing properly, which may have been an issue with cloudlinux and cagefs not being properly set up in the beginning. During this time, to get site to route properly, I had to add site url to host.conf.

    After getting CL properly tweaked, it appears that virtualhost settings took hold and are being properly configured (at a basic level) at the time of account creation in whm. Once this occurred, the previous hack/repair of using site urls in host config file must have created a conflict and caused routing of curl to use servers self-signed ssl instead of specific sites registered ssl.

    Again, this is my assumption. I made quite a few attempts to fix and this is the only one within proximity to the time that the issue showed resolution. @cPanelMichael If you know my above assumption to be incorrect, then please advise as it would be nice to have certainty on what exactly resolved the issue.

    Kind Regards
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I'm not sure what specific changes you made, and to which particular hosts file, however your explanation makes the most sense as to why it was not detecting the correct SSL certificate.

    Thank you.
     
Loading...

Share This Page