Error: WordPress could not establish a secure connection to WordPress.org

  • Resolved peterbb

    (@peterbb)


    I’ve installed WordPress 4.8.2 on OpenBSD 6.2. I’ve installed and loaded the php-curl package, since someone on the internet claimed it is needed.

    The page is up and running—seems to work fine; I can upload media, edit and save themes in Appearance -> Editor (so that should mean it has write access, something I’ve also checked manually), create posts, the site looks beautiful when viewed, etc.

    The problem I’m trying to solve, is to change the site language. I’ve gone to Settings -> General, but the Site Language option is not there. However, by enabling WP_DEBUG I can see the following error message:

    Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /htdocs/<redacted>/wp-admin/includes/translation-install.php on line 65

    The same error also appears on other pages, such as Plugins -> Add New.

    From the shell on the server, I can curl both http://api.wordpress.org/translations/ and https://api.wordpress.org/translations, and receive an HTTP response—so there is nothing on the server blocking access.

    I’ve tried the following, with no difference in outcome:

    • Disable firewall.
    • I’ve enabled caching dns, and I’ve also tried to add entries to /etc/hosts, in order to speed up DNS-lookup.
    • In—for instance wp-admin/includes/translation-install.php—I’ve changed timeout to 3000 at line 44 in my file.

    I’ve rebooted the server between these efforts. The outcome is exactly as before.

    Could anyone offer any help? Thanks in advance.

  • Moderator Steve Stern

    (@sterndata)

    The “secure connection” error usually comes if you’re not running the latest version of OpenSSL.

    Thanks for the lead!

    OpenBSD uses LibreSSL by default, not OpenSSL, so that might be why. openssl version gives LibreSSL 2.6.3, but I guess that doesn’t tell us too much.

    I’ll try to dig further into it now, but if anyone has some more details, then please tell me!

    Edit: Simply installing openssl-1.0.2l and restarting did not change anything—as expected, I guess. I guess I’ll need to either make it use openssl (recompile php? :/) or figure out where the php-code fails.

    • This reply was modified 1 month, 1 week ago by  peterbb.

    I have managed to narrow the problem down to the combination of cURL and ipv6. From # curl -6 google.com, which prints curl: (7) Couldn't connect to server, and # ping6 -c 1 google.com, which prints

    PING google.com (2a00:1450:400e:803::200e): 56 data bytes
    ping6: sendmsg: No route to host

    we can see that ipv6 is not working on the machine. I wonder if this is related to Ramnode — OpenBSD IPv6 Issue (my OpenBSD server is running on a Ramnode KVM).

    I tried to configure curl to use IPv4, by adding curl_setopt($this->handle, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); in wp-includes/Requests/Transport/cURL.php after the handle is created in the constructor, but this had no effect. Both CURLOPT_IPRESOLVE and CURL_IPRESOLVE_V4 are defined, so I would have thought it would work. 🙁

    • This reply was modified 1 month, 1 week ago by  peterbb.
    Moderator Steve Stern

    (@sterndata)

    hmmmm… I tend to forget about IPV6 as we don’t have it at home and 99.999% of all connections to my own server use IPv4.

    peterbb

    (@peterbb)

    Update: IPv6 is now working on the server, but there are still problems. To see that IPv6 works, curl -6 google.com spits out some html from google.

    Now, both curl https://api.wordpress.org/translations/core/1.0/ and curl http://api.wordpress.org/translations/core/1.0/ spit out all the supported languages, but curl -6 https://api.wordpress.org/translations/core/1.0/ gives curl: (6) Could not resolve host: api.wordpress.org (it also happens with http). This makes sense, since there is no AAAA record for api.wordpress.org as far as I can see.

    Edit: This is intentional, cf. https://meta.trac.wordpress.org/ticket/3090

    But it’s not like I *want* to use IPv6, so why is curl trying to use it anyway?

    • This reply was modified 1 month ago by  peterbb.
    peterbb

    (@peterbb)

    Done! Finally everything is working.

    Added the line curl_setopt($this->handle, CURLOPT_RESOLVE, array("api.wordpress.org:80:66.155.40.187", "api.wordpress.org:443:66.155.40.187")); in wp-includes/Requests/Transport/cURL.php. What an absurd problem.

    @peterbb
    Thanks a lot!
    I ran into the same trouble and have now fixed it with your method!

    
    	/**
    	 * Constructor
    	 */
    	public function __construct() {
    		$curl = curl_version();
    		$this->version = $curl['version_number'];
    		$this->handle = curl_init();
    
    		//SaFly.ORG Adaption
    		curl_setopt($this->handle, CURLOPT_RESOLVE, array("api.wordpress.org:80:66.155.40.187", "api.wordpress.org:443:66.155.40.187", "downloads.wordpress.org:80:66.155.40.203", "downloads.wordpress.org:443:66.155.40.203"));
    
    		curl_setopt($this->handle, CURLOPT_HEADER, false);
    		curl_setopt($this->handle, CURLOPT_RETURNTRANSFER, 1);
    		if ($this->version >= self::CURL_7_10_5) {
    			curl_setopt($this->handle, CURLOPT_ENCODING, '');
    		}
    		if (defined('CURLOPT_PROTOCOLS')) {
    			curl_setopt($this->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    		}
    		if (defined('CURLOPT_REDIR_PROTOCOLS')) {
    			curl_setopt($this->handle, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    		}
    	}
    
    

    Let me make it more detailed 🙂

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    You should probably use a more future-proof way, rather than altering the core files.

    Something like this should do the trick (untested):

    
    // Pin the WordPress.org API and download hosts to fixed IPv4 addresses.
    add_action( 'http_api_curl', 'custom_curl_resolve', 10, 3 );
    function custom_curl_resolve( $handle, $r, $url ) {
    	// Each CURLOPT_RESOLVE entry has the form "host:port:address".
    	curl_setopt( $handle, CURLOPT_RESOLVE, array(
    		"api.wordpress.org:80:66.155.40.187",
    		"api.wordpress.org:443:66.155.40.187",
    		"downloads.wordpress.org:80:66.155.40.203",
    		"downloads.wordpress.org:443:66.155.40.203",
    	) );
    }
    

    You could add on to this, if you like, and add logic to check the $url to see if it matches one of those and then you’d only be adding the ones you need.

    The http_api_curl happens before the request to curl_exec is fired, and curl is already init’d by that point, so much of the rest of the code that sets options you have could be added there if those are needed.

    This code could be contained in a plugin or in a mu-plugin and would survive upgrades.

    Edit: Note that the http_api_curl hook is there for backwards compatibility. If you want to use the same hook but specific to the Requests system, that hook is requests-curl.before_send.

    • This reply was modified 12 hours, 34 minutes ago by  Samuel Wood (Otto). Reason: add new hook name
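
The suggestion above to check $url and add only the entries a request needs could look like the following must-use plugin. This is an added example, not code posted in the thread or shipped by WordPress; the function names and the constant are hypothetical, and the addresses are the ones quoted in the thread.

```php
<?php
/**
 * Added example (not from the thread): must-use plugin that pins DNS answers
 * only for requests whose host is in the list below.
 * Function and constant names are assumptions; the addresses are the ones
 * quoted in the thread and go stale if WordPress.org renumbers its servers.
 */

// host => IPv4 address, as posted in the thread.
const EXAMPLE_RESOLVE_PINS = array(
	'api.wordpress.org'       => '66.155.40.187',
	'downloads.wordpress.org' => '66.155.40.203',
);

/**
 * Build the CURLOPT_RESOLVE entries ("host:port:address") for one URL.
 * Returns an empty array when the URL's host is not pinned.
 */
function example_resolve_entries_for_url( $url, array $pins = EXAMPLE_RESOLVE_PINS ) {
	$host = parse_url( (string) $url, PHP_URL_HOST );
	if ( ! is_string( $host ) ) {
		return array(); // malformed URL or no host component
	}
	$host = strtolower( $host ); // host names are case-insensitive
	if ( ! isset( $pins[ $host ] ) ) {
		return array(); // leave every other host to normal DNS
	}
	// Cover both ports so http and https requests to this host both resolve.
	return array(
		"{$host}:80:{$pins[$host]}",
		"{$host}:443:{$pins[$host]}",
	);
}

// Hook callback: same signature as the snippet in the reply above.
function example_curl_resolve( $handle, $r, $url ) {
	$entries = example_resolve_entries_for_url( $url );
	if ( $entries && defined( 'CURLOPT_RESOLVE' ) ) {
		curl_setopt( $handle, CURLOPT_RESOLVE, $entries );
	}
}

// Register only inside WordPress, so the file can also be linted on its own.
if ( function_exists( 'add_action' ) ) {
	add_action( 'http_api_curl', 'example_curl_resolve', 10, 3 );
}
```

CURLOPT_RESOLVE only overrides name resolution; certificate verification still runs against the host name in the URL, so the pin does not relax TLS checks, but a stale address will break updates until the list is corrected.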