Moderator
Yui
(@fierevere)
永子
this error happened because of OpenSSL/GnuTLS bug and AddTrust Root CA certificate been expired.
https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
Jetpack.com is using SSL certificate issued by Sectigo and was affected by this problem. Currently Jetpack.com certificate has been fixed
Are you still having issues?
Yes, I’m still having issues.
Maybe I should give it a few days for this issue to be fixed…
–Chuck
I’ve removed and reinstalled the JetPack plugin and I’m still encountering the above issue.
I ran an SSL test. Here are the results:
https://www.ssllabs.com/ssltest/analyze.html?d=chucksregard.com&s=63.250.43.1&hideResults=on&latest
I don’t know how to read this, it appears my cert doesn’t support DNS CAA. Is this a correct reading?
It also appears that Jetpack.com has the same issue: https://www.ssllabs.com/ssltest/analyze.html?d=jetpack.com&s=192.0.78.24&hideResults=on&latest
Thanks,
Chuck
-
This reply was modified 3 years, 10 months ago by Chuckie.
Moderator
Yui
(@fierevere)
永子
curl error 60 appears for outgoing connections from your site.
(In other words – your local SSL certificate is not used for this)
DNS CAA is not important for establishing connections, its used by SSL Authorities only to determine if domain owner permits them to issue new certificate for domain. (No DNS-CAA means – all authorities can issue certificates)
Your local certificate has a problem – Incomplete chain
this can cause incoming SSL connections to fail (Jetpack is using both in and out connections)
Please fix your certificate chain (or ask your webhosting support to do so)
Those certificates marked as “Extra download” must be included in your server certificate chain.
USERTrust RSA Certification Authority (root CA/or intermediate) MISSING
Sectigo RSA Domain Validation Secure Server CA (intermediate) MISSING
chucksregard.com (Your server certificate)
If possible – ask your webhosting support to enable/implement SSL Session tickets, this will greatly increase connection performance for subsequent requests.
@fierevere Thank you for your help, it turned out that the SSL cert was installed incorrectly.