.

Hi there! Are you currently experiencing problems with the Jetpack plugin? If you are, please provide us with additional details and we’ll be happy to assist you.

Please include:

1.) The steps that result in the problem.
2.) The expected result.
3.) The actual result.

Be sure to also include any errors messages that you receive and relevant screenshots.

Thank you!

sorry, the jetpack can’t connect as it won’t accept my ssl certificate alhough the access to the site is just fine and the certificate is a legimate wildcard ssl.

Thanks for the additional information! Are you using a self-signed certificate by chance? If so, I’m afraid that Jetpack does not currently support self-signed SSL certificates.

You would need to upgrade to a CA-signed certificate (recommended) or disable HTTPS (not recommended) in order to connect.

If you want to disable HTTPS, you can do so by adding the following line to your wp-config.php file:
define( 'JETPACK_CLIENT__HTTPS', 'NEVER' );

I hope this helps to clear things up! Please let me know if you have any questions.

for sure not! I have a wildcard comodo certificate

https://sslanalyzer.comodoca.com/?url=nameyour.domains

Thanks for clarifying! It looks like our server cannot verify your server’s SSL certificate. If you take a look at the link that you provided, you’ll notice that the certificate is untrusted:

Trusted by Microsoft? No (unable to get local issuer certificate) UNTRUSTED
Trusted by Mozilla? No (unable to get local issuer certificate) UNTRUSTED

You can see the chain issues here:
https://www.ssllabs.com/ssltest/analyze.html?d=nameyour.domains

And here’s an OpenSSL command that gives some more details:

$ openssl s_client -connect nameyour.domains:443

depth=0 /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.nameyour.domains
verify error:num=20:unable to get local issuer certificate

The problem is that OpenSSL doesn’t recognize your certificate’s CA’s certificate. The reason that URL works in browsers is because most modern browsers allow for certificate discovery by reading the “Authority Information Access” metadata from the certificate, which contains a URL from which the browser can download the CA’s certificate. OpenSSL does not.

RFC: https://tools.ietf.org/html/rfc5280#section-4.2.2.1
Similar situation: https://stackoverflow.com/questions/7587851/openssl-unable-to-verify-the-first-certificate-for-experian-url

The best solution is if you can configure your webserver to supply the entire SSL certificate chain, rather than just your own certificate. That’s what we do on WordPress.com. Sending the entire chain will also make your sites more compatible with older (and some mobile) browsers.

I hope this information is helpful. Please let me know if you have any questions!

Yes that “intermediate certificate” … I will look into that, Comodo could not explain me how to setup it up correctly so I will find it by myself or I will give them the infos you provided me. Thank you

You’re welcome! Please let me know how it goes.

fixed! the bundle file was missing, we have to get it directly from the ssl issuer ??

??

That’s great news! Nice work, Marie ??

thanks!