cURL error 28 and REST-API call failure in Site Health Check

https://docs.presscustomizr.com/article/326-how-to-fix-a-curl-error-28-connection-timed-out-in-wordpress
for full support tls1.2 you must use openssl 1.0.1 or later, also make sure that the certificate is really present and valid. (sometimes there is only the path of the certificate but no certificate and you download from openssl.com)

I get a similar thing but not related to any plugins:

The REST API request failed due to an error.
Error: [] cURL error 28: Operation timed out after 10001 milliseconds with 0 bytes received

The loopback request to your site failed, this means features relying on them are not currently working as expected.
Error: [] cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received

Running PHP 7.2.18 which has TLS v1.2 and OpenSSL/1.0.2r. Everything on my blog seems to work fine though so I’m more or less ignoring it.

@autotutorial :

Thanks for the response. As for the link and the given hints there:

– Make sure your server is running a recent version of PHP and the cURL library.
PHP 7.3.5 as Apache-FPM (nginx in front), cURL 7.29.0

– Try to increase your Server Memory Limits settings.
memory_limit: 768 M

– The cURL error can be a dns related issue. Your hosting company might need to switch dns configuration to OpenDNS : https://www.howtogeek.com/164981/how-to-switch-to-opendns-or-google-dns-to-speed-up-web-browsing/
Not sure about that one. DNS wise the site runs thru Cloudflare, DNSSEC active, in case that’s somehow important. Will check with hostpress on this one.

– Ask your host if there is some limitation with wp-cron, or if loopback is disabled.
wp-cron is called hourly by server, alternate_cron in wp-config is switched off. A test with alternate_cron ‘on’ did not solve the error.

– Ask your host if there a firewall or security modules (e.g. mod_security ) that could block the outgoing cURL requests.
Will check with Hostpress on this one.

As for OpenSSL: version 1.0.2k

So far, thank you for the input and the link.

@markrh

Thank you for your input. I’d like to ignore that one, too. However, on the larger frame I am looking for the cause of my site “phasing in and out” …. i. e. without any changes made sometimes it is accessible and working just fine, an hour later I receive “your website has a problem” on a grey screen (which disappears when adding “OLD” to my plugin folder. That’s when I found that certain plugins throw that error and began wondering.
Of course, I am not sure if that cURL error is behind that instability problem as stats also show CPU memory is exhausted repeatedly. Now I am not on a New Relic plan so I can’t tell the cause here. And to quote McCoy: “I’m a doctor, not an engineer …”

For now I try to get rid of that cURL thing and watching the stats and stability with the mentioned plugins being turned off since last eve.

cURL 7.29.0 this version dates back to 6 years ago while php 7.3 in December 2018.
make sure the certificate checks locally if the pem file is present. https://curl.haxx.se/docs/releases.html

@autotutorial Thanks again for the input. Can I update cURL locally or is that hosting company stuff?

I have no experience in this.
First contact your host.

https://www.php.net/manual/en/openssl.requirements.php

In order to use the OpenSSL functions you need to install the ? OpenSSL library. PHP 5 requires at least OpenSSL >= 0.9.6. However later PHP 5 versions have some compilation issues and should be used at least with OpenSSL >= 0.9.8 which is also a minimal version for PHP 7.0. Other versions (PHP >= 7.1.0) require OpenSSL >= 1.0.1.

Verification of certificates from php 5.6.0
Note* otherwise you can set the certificate as master or php.ini

<?php
var_dump(openssl_get_cert_locations());

If default_cert_file and default_cert_dir exist will be used as default.
Create a file called test.php

<?php
error_reporting(-1);
$ch = curl_init('https://tlstest.paypal.com/');
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// In wamp-like environments that do not come bundled with root authority certificates,
// please download 'cacert.pem' from "https://curl.haxx.se/docs/caextract.html" and set
// the directory path of the certificate as shown below:
//curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/wp-includes/certificates/ca-bundle.crt');
if ( !($res = curl_exec($ch)) ) {
   error_log("Got " . curl_error($ch) . " when processing TLS 1.2 data",3,dirname (__FILE__).'/test.log');
  curl_close($ch);
  exit;
}
curl_close($ch);
echo $res;

call it from browser if all ok paypal replies with ok otherwise test.log will be created with the error curl.
Delete the file test.php and test.log

here is an example on how to update openssl 1.0.0 and curl for php legacy https://tomthorp.me/blog/installing-custom-openssl-and-curl-legacy-php

If you are running multiple PHP versions of PHP-FPM, do take special care that you don’t add your custom build directory as part of ldconfig . The effect of adding your build directory in as part of ldconfig, will tell linux to look at your build directory first, before looking at the default installed drivers. As a result, the next time any other PHP-FPM services are restarted, it will pick up the drivers in your build directory that are incompatible, and will make that PHP-FPM service unstable.

To make sure your custom version of PHP doesn’t interfere with your other PHP-FPM services, you have to add an over-ride into your PHP-FPM service. This will contain an environment variable that tells the service to use the drivers in this path.

Again, ask your host for advice if you are not familiar with the commands, please do not change anything, but try to explore this topic elsewhere ??

OK, gut my host to update to the latest cURL. They first hesitated due to recommendations on their Debian package regarding downward compatibility (about the same as jQuery stuff with wordpress …. compatibility over security), but now I got it. Unfortunately that didn’t do the trick. I realized that openSSL also seems outdated, so I shall keep readers here posted.

sorry but the test.php you did had? ??

I am getting this error and I have identified what’s causing it – it’s a plugin which I use on two of my sites and the error disappears when I disable the plugin. So far so good. But the plugin (“Friends Only”) hasn’t got any support, its forum was last answered two or three years ago and I can’t find another plugin that does the same thing.
Is this error really a “critical” error or can I just ignore it?

I am having this issue and another one, however, it only happens when I use SSL on my site. If I don’t use SSL, it doesn’t happen. My host doesn’t offer cURL as an extension for PHP, so I’m not sure if this can be fixed without switching hosts or just not using SSL.