Problem with OAuth 2.0 authentification

I’ve never seen that error before. Can you send a screenshot please? I’m not quite clear on WHEN this error is being generated.

Update: A quick Google shows a variety of solutions. What is your technical level? Do you know what curl is? Apache? mod_ssl? Root certificates?

From https://snippets.webaware.com.au/howto/stop-turning-off-curlopt_ssl_verifypeer-and-fix-your-php-config/ :

The error is caused by not having an up-to-date bundle of CA root certificates. This is typically a text file with a bunch of cryptographic signatures that curl uses to verify a host’s SSL certificate. You need to make sure that your installation of PHP has one of these files, and that it’s up to date.

My technical knowledge is rather basic – i can go in php, mysql and basic server settings (i have my own vps) but first time i see this problem. The pb comes when i try to validate the access with google, i then come back on postmain settings and i get this error message

i can send you a screen capture but it’s in french

Nicolas, you may want to open a ticket with your host, as it’s a medium-level fix.

If the article I quoted is correct, than your CA root certificates are possibly outdated or missing. This means when your server (specifically, curl being called by PHP) connects to https://www.googleapis.com/ it doesn’t recognize the CA of Google’s certificate and (correctly) kills the connection.

A quick fix is:

• Download the newest PEM file from curl’s website https://curl.haxx.se/docs/caextract.html to your VPS
• Update your php.ini file to use the new file curl.cainfo=/etc/php/cacert.pem for example

Like I said, you might want to ask your host for help. You definitely need root access.

Update: That’s just a band-aid, and a temporary one. The proper solution is to find out why your VPS is not keeping the certificates up-to-date on its own (through the ca-certificates package on most Linux distributions). You should have the very latest CA certs in the openssl directory: “/etc/ssl/certs/ca-certificates.crt” or “/etc/pki/tls/certs/ca-bundle.crt”

#

It’s a lot to take in, isn’t it?

Start piece by piece:

• Open php.ini, do you have the curl.cainfo line?
• What is the filename the curl.cainfo line is pointing to?
• Does this file exist?
• What are the contents of that file?
• How do the contents of that file compare to this file?
• Do you have the ca-certificates package installed?
• Do you have the /etc/ssl/certs/ca-certificates.crt file? What is the modified date?
• Do you have the /etc/pki/tls/certs/ca-bundle.crt file? What is the modified date?

Thanks a lot for your help.

I checked and here is what i can see :

There is a ca-bundle.crt modified in july 14

I see not ca-certificates.crt file

I see no curl.cainfo line in the php.ini

I have uploaded the cacert.pem file and added ;curl.cainfo=c:/etc/php.d/cacert.pem in the php.ini file but not sure what i am doing here !

Where did you see ca-bunle.crt modified jul 14? Was it here: /etc/pki/tls/certs/ca-bundle.crt ?

In that case you need to add this to php.ini:

curl.cainfo=/etc/pki/tls/certs/ca-bundle.crt

Make sure that is the only curl.cainfo line in the file, you can only have one.

Then you need to restart your web server, if you don’t know how than the easiest way is to just reboot the VPS.

This is wrong:

;curl.cainfo=c:/etc/php.d/cacert.pem

because

• c:/ is a Microsoft Windows pathname, and your VPS is Linux
• you can’t have a semi-colon at the front

Ask your host for help if you are not sure, or you might break something.

Yes it was here /etc/pki/tls/certs/ca-bundle.crt

For my information where do i put the curl.cainfo lines in the php.ini file ? end ? begining ? it doesn’t matter ?

I will add these two lines
curl.cainfo=/etc/pki/tls/certs/ca-bundle.crt
curl.cainfo=/etc/php.d/cacert.pem

Restart my vps, and it should be ok hopefully.

Thanks

No it doesn’t matter where in the file they go.

No, you can only add ONE of the lines. You can’t have both. Try with the first one, that is the correct. Then try the second, that is the temporary one. They should both work, but the first one is the one managed by the system.

Ok tried with the two lines and restarted the vps each time, but had always the same error message each time. Didn’t seem to make any difference.
Will make further tests tomorrow

thanks anyway for your time Jason, you’re great

I’m sorry that you’re having an issue. I wish I could help more. I still think you should ask your host for help. They will be the best resource for fixing environment issues.

Who is your hosting service?