Jetpack by WordPress.com
[resolved] Jetpack servers won't accept Self Signed Certificates (15 posts)

  1. mapkyca
    Member
    Posted 1 year ago #

    I've been trying to get a reply from anyone about this for ages now.

    WordPress software - in this case Jetpack, but also the iOS client - will not accept the usage of self-signed SSL certificates. Nobody will comment as to why, or whether this is deliberate and by design, or a bug.

    In brief: when attempting to perform the initial connection from a WordPress install to the jetpack servers, I get a "site inaccessible" and details of the cURL error produced. This error is the standard one you get when connecting to a self signed https server with peer validation switched on.

    There is a separate, but related, issue with the iOS client which has been reported, unresolved and in some cases ignored, for months/years (http://ios.forums.wordpress.org/topic/user-should-be-able-to-override-ssl-certificate-warnings-1?replies=5 http://ios.trac.wordpress.org/ticket/1306)

    I view this as a bug, but if it's a policy decision to not provide an admin bypass, and wordpress have no intention of supporting self signed certificates in their software products, could someone please comment?

    At the very least could someone update the various FAQs so myself, and others, can stop wasting our time trying to chase this up?

    http://wordpress.org/extend/plugins/jetpack/

  2. designsimply
    Member
    Plugin Contributor

    Posted 1 year ago #

    Based on the Trac link you sent, it does appear that the iOS developers do have it filed in Trac and it will probably be addressed at a later date. It's hard to say when that might happen though. If it's an issue that's an edge case, it's a possibility that it could wait longer than other priorities.

    I'm not sure about the Jetpack servers, but I will try to see what I can find out about that.

  3. Michael Adams (mdawaffe)
    Member
    Plugin Author

    Posted 1 year ago #

    I can speak for Jetpack.

    It was a design decision to not allow self-signed certificates. We have since reevaluated that decision. Now it's a bug.

    Unfortunately, I don't have an ETA on when that bug will be fixed for Jetpack.

  4. mapkyca
    Member
    Posted 1 year ago #

    Ahh, many thanks for clearing that up!

  5. Jorge Bernal
    Member
    Posted 1 year ago #

    It's coming :) http://ios.trac.wordpress.org/changeset/3700

    Now, it's not possible (or I haven't found out how) to permanently trust an SSL certificate from the app, so it'll prompt about it every time it relaunches. But at least the site can be used.

  6. Joe Torma
    Member
    Posted 1 year ago #

    I have a site running on a virtualmin server with a valid ssl certificate (no browser errors at all) and Jetpack is still throwing Error Details: The Jetpack server was unable to communicate with your site [IXR -32300: transport error: http_request_failed SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]

    The certificate is fine - GoDaddy cert correctly installed and verifiable.

    I have similar configurations on other cPanel based servers which run on SSL and connect to jetpack without problem. Is anyone else experiencing this certificate issue with Jetpack running on a virtualmin based system?

  7. Michael Adams (mdawaffe)
    Member
    Plugin Author

    Posted 1 year ago #

    Joe,

    Without a URL, I can't say for certain, but it's probably because your server is sending only your certificate, not the intermediary ones between yours and the root of the certificate chain.

    GoDaddy does not sign the certificates with their root certificate; they sign them with an intermediate certificate which you must configure your webserver to send alongside your certificate.

    Your site is accessible in your browser without SSL warnings because your browser has the GoDaddy intermediate certificate installed by default. Your site is not accessible by our Jetpack servers because OpenSSL (the SSL library we and many others use) does not include these sorts of intermediate certificates.

    If you compare the certificate information you send to what we send on https://wordpress.com/, you can see we send the intermediate certificates as well (we are both using GoDaddy).

    It's not just a Jetpack problem. Not sending the intermediate certificates almost certainly breaks other things besides OpenSSL (older browsers, some mobile devices, etc.).

    Assuming my guess about the problem is correct, if you configure your webserver to send the intermediate certificates as well, everything should start working.

    If you're using Apache as your webserver, here's a FAQ about SSL verification and intermediate certificates: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#gid
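The diagnosis in the reply above can be checked from the chain listing that `openssl s_client -connect HOST:443 -showcerts` prints. The following is an added example, not part of the thread and not Jetpack code; the two transcripts are constructed, and `diagnose` is a hypothetical helper name.

```python
import re

# Constructed excerpts of `openssl s_client -showcerts` output (not real servers).
LEAF_ONLY = """\
Certificate chain
 0 s:/OU=Domain Control Validated/CN=shop.example.test
   i:/O=Example CA/CN=Example Issuing CA
---
    Verify return code: 21 (unable to verify the first certificate)
"""
WITH_INTERMEDIATE = """\
Certificate chain
 0 s:/OU=Domain Control Validated/CN=shop.example.test
   i:/O=Example CA/CN=Example Issuing CA
 1 s:/O=Example CA/CN=Example Issuing CA
   i:/O=Example CA/CN=Example Root CA
---
    Verify return code: 0 (ok)
"""

# One chain entry: "<index> s:<subject>" followed by an indented "i:<issuer>" line.
ENTRY = re.compile(r"^[ \t]*(\d+) s:(.*)\n[ \t]+i:(.*)$", re.M)
VERIFY = re.compile(r"Verify return code: (\d+)")


def diagnose(s_client_output):
    """Summarise which certificates the server sent and where the chain stops."""
    chain = [(s.strip(), i.strip()) for _, s, i in ENTRY.findall(s_client_output)]
    if not chain:
        raise ValueError("no 'Certificate chain' entries found")
    # Each certificate's issuer must be the subject of the next certificate sent.
    linked = all(chain[n][1] == chain[n + 1][0] for n in range(len(chain) - 1))
    m = VERIFY.search(s_client_output)
    code = int(m.group(1)) if m else None
    # A single, non-self-signed certificate means no intermediates were sent.
    leaf_only = len(chain) == 1 and chain[0][0] != chain[0][1]
    return {
        "sent": len(chain),
        "linked": linked,
        # The verifying client must already trust this issuer name.
        "needs_trust_in": chain[-1][1],
        "verify_code": code,
        "missing_intermediate_likely": leaf_only and code in (20, 21),
    }
```

When `needs_trust_in` names an issuing (intermediate) CA rather than a root, a client that ships only root certificates cannot build the chain, which matches the behaviour described for OpenSSL above.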

  8. lupinehorror
    Member
    Posted 1 year ago #

    I, too, have this issue. Running on a VPS with Parallels Plesk Panel. The domain actually has a proper SSL certificate (signed by AlphaSSL) but there's one that Parallels have signed for the raw IP.
    My error is as follows:
    Your website needs to be publicly accessible to use Jetpack: site_inaccessible
    and then
    Error Details: The Jetpack server was unable to communicate with your site [IXR -32300: transport error: http_request_failed SSL certificate problem: unable to get local issuer certificate]

  9. Michael
    Member
    Posted 1 year ago #

    I have started to receive this error as well, after successfully connecting over 120 sites on the same network, with the same account.

    Your website needs to be publicly accessible to use Jetpack: site_inaccessible
    Error Details: The Jetpack server was unable to communicate with your site [IXR -32300: transport error: http_request_failed SSL certificate problem: unable to get local issuer certificate]

    The certificate is issued by InCommon CA (the certificate authority for Internet2 members) for *.princeton.edu. You can see the details of the cert at https://blogs.princeton.edu

  10. berkayozcan
    Member
    Posted 1 year ago #

    Hi,

    I also get an error in Jetpack Notifications on my blog (sonsuzlukkulesi.com).

    -10520: Jetpack: [http_request_failed] SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.

    Is there a solution for this subject?

  11. Jeremy Herve
    Happiness Engineer
    Plugin Author

    Posted 1 year ago #

    @berkayozcan Can you please try installing the Jetpack Compatibility Plugin so we can see some additional information from your site?

    1) Download the plugin from http://plugins.svn.wordpress.org/jetpack/branches/jetpack-compatibility-test.zip
    2) Upload the plugin to your site via Dashboard -> Plugins -> Add New.
    3) Activate the plugin and go to Plugins -> Jetpack Compatibility Test.
    4) Click the "Select All" button.
    5) Send us the test results via this contact form:
    http://en.support.wordpress.com/contact/?jetpack=needs-service

    Thanks!

  12. berkayozcan
    Member
    Posted 1 year ago #

    Thank you for your interest, Jeremy.

    I have sent the test result via contact form.

  13. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 1 year ago #

    Thanks Berkayozcan, I replied by email!

  14. berkayozcan
    Member
    Posted 1 year ago #

    Richard, lots of thanks for your help.

    After receiving your email, I understood the problem :). I did not follow your advice, since I simply upgraded the PHP version of my server from 5.2 to 5.3.

    There is not any problem for now.

  15. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 1 year ago #

    Glad to have helped!

Topic Closed

This topic has been closed to new replies.
