Yes, that is odd. PHP cURL is connecting to everyamp.com from everyamp.com – that shouldn’t be a problem, but maybe your hosting provider is resolving everyamp.com to 127.0.0.1 for the local server, which might end up on a different virtual host (ie. a localhost virtualhost), which might be using a self-signed certificate. That’s just a wild guess though. You should contact your hosting provider to figure out why they’re handing out a self signed certificate for this connection.
js.
Thanks for the response. I started with Kinsta support first. Here’s what they said:
I'm not getting any broken pipes or cert warnings when I try to cURL or visit the image, so it's not the server SSL:
$ curl -IkL https://everyamp.com/wp-content/uploads/2023/01/Everyamp_03_Logo_Mark_01_Full_Color_RGB_5000px@72ppi.png
HTTP/2 200
date: Fri, 27 Jan 2023 21:33:31 GMT
content-type: image/png
content-length: 458658
cf-ray: 79049b6e0e5fadbc-ATL
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=315360000
etag: "63d2da8a-6ffa2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 26 Jan 2023 19:54:50 GMT
cf-cache-status: DYNAMIC
ki-cache-type: None
ki-cf-cache-status: BYPASS
ki-edge: v=17.16
x-content-type-options: nosniff
x-edge-location-klb: 1
server: cloudflare
alt-svc: h3=":443"; ma=86
How can we get you both together to find a resolution?
To replicate the problem, they would need to cURL from the server hosting your WordPress site.
js.
Here’s what he got:
$ ssh livingteslacom@35.236.1.200 -p 23960
livingteslacom@35.236.1.200's password:
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-1096-gcp x86_64)
_ ___ _
| |/ (_)_ __ ___| |_ __ _
| ' /| | '_ \/ __| __/ _` |
| . \| | | | \__ \ || (_| |_
|_|\_\_|_| |_|___/\__\__,_(_)
Hi There!
Your site's files are in the /www folder.
Git, Composer and WP-CLI are all available for use!
If you need help just open a ticket on https://my.kinsta.com
Have a marvellous day!
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
livingteslacom@EOS-livingteslacom:~$ curl -IkL https://everyamp.com/wp-content/uploads/2023/01/Everyamp_03_Logo_Mark_01_Full_Color_RGB_5000px@72ppi.png
HTTP/2 200
server: nginx
date: Fri, 27 Jan 2023 22:10:49 GMT
content-type: image/png
content-length: 458658
last-modified: Thu, 26 Jan 2023 19:54:50 GMT
etag: "63d2da8a-6ffa2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
Could be related to the PHP cURL library then I guess. Perhaps your WordPress CA certificates are out of date? The default CA certificate path is ABSPATH . WPINC . ‘/certificates/ca-bundle.crt’ (ie. wordpress/wp-includes/certificates/ca-bundle.crt). Are you using an old version of WordPress?
js.
We’re on the current WordPress version 6.1.1.
Kinsta handles the certificates for us and they’re up to date as best as I can tell: https://www.ssllabs.com/ssltest/analyze.html?d=everyamp.com
Is there somewhere specific that I should check?
Is there somewhere specific that I should check?
Perhaps your WordPress CA certificates are out of date? The default CA certificate path is ABSPATH . WPINC . ‘/certificates/ca-bundle.crt’ (ie. wordpress/wp-includes/certificates/ca-bundle.crt).
js.
The CA certificates are for certificate authorities – those authorized to sign certificates. Make sure the CA certificate bundle from WordPress is not missing from ABSPATH . WPINC . ‘/certificates/ca-bundle.crt’, otherwise PHP cURL will not be able to validate the certificate signatures, which is what an error code 60 suggests.
js.
Ok, so we found that ca-bundle.crt was outdated for some reason and updated it to the current version from WordPress. However, I’m still not able to set the image. I’ve tried a different image with different resolution and I get the same error:
The value of option “site_org_logo_url” must be a valid image URL – resetting this option to its default value.
WPSSO caches the result for 5 mins. Try clicking on the SSO > Tools and Actions > Clear Failed URL Connections.
js.
To be considered a valid image URL by WPSSO, PHP’s getimagesize() function must return an array with the 3rd element (image type) a positive number.
3, for example, is a PNG file:
array
(
0=>'UNKNOWN',
1=>'GIF',
2=>'JPEG',
3=>'PNG',
4=>'SWF',
5=>'PSD',
6=>'BMP',
7=>'TIFF_II',
8=>'TIFF_MM',
9=>'JPC',
10=>'JP2',
11=>'JPX',
12=>'JB2',
13=>'SWC',
14=>'IFF',
15=>'WBMP',
16=>'XBM',
17=>'ICO',
18=>'COUNT'
);
Spoke too soon. I just attempted to do the banner URL and I’m back to the SSL error:
Error retrieving https://everyamp.com/wp-content/uploads/2023/01/Banner_WPSSO_600x60.png for caching (after 0.008 seconds). cURL error code 60 SSL certificate problem: self signed certificate. SSL verification failed with code 18. Additional requests to retrieve this URL will be ignored for another 600 second(s).
-
This reply was modified 1 year, 2 months ago by everyamp.