Getting error "Warning: stream_socket_enable_crypto(): SSL operation failed with code 1" when testing website contact form (phpmailer) in localhost

ram
Getting error message when testing website contact form (phpmailer) in localhost:

"Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in C:\xampp\htdocs\phpmailer\class.smtp.php on line 368"

This website is an old project that was never published, but I remember that the contact form was working when I last tested it in localhost. I think it's got an older version of PHPMailer, but I'm not really sure how to check that.

And I understand that this is a certificate error and updating it may fix the problem, but I don't really know how to do that. Please advise.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Suggests the site you're connecting to (likely a relay service or other MTA) has a broken SSL certificate.

If you have control of the relay/MTA where you're connecting, be sure to verify the SSL config is correct.

If you don't have control of this site, open a ticket with the site owner to fix their SSL config.
ram

Author

Commented:
I'm sorry, could you please elaborate? I'm not well-versed in web development so please bear with me.

Are you pertaining to the SMTP server that we're using for the contact form, or the website we're developing has a broken SSL certificate?

This problem is probably not with the server you're connecting to. If it's an old site, it's probably running an old OS, and it's very likely that your certificate authority (CA) certificate bundle is outdated, and thus your server is unable to verify certificates of sites you connect to.

Note that in this case it applies only to outbound email connections - it's nothing to do with the site's own certificate which is used for inbound HTTPS connections, which are not affected by the local CA bundle.

There is lots of documentation on this problem and how to fix it in the PHPMailer troubleshooting guide.

The short version: make sure your OS is fully up to date (CA certificates are usually updated via this mechanism), or alternatively install a fresh bundle manually, either system-wide, or just for PHP, which has php.ini directives allowing you to point at a CA certificate file and/or path.

ram

Author

Commented:
Could you please show me how to manually install certificates? I am using Windows 10 as my development web server, and I am using xampp Apache server for my php website.

I think my OS is up-to-date but I'll try running Windows Update.

It's in the guide - though the instructions are for Linux, it's basically the same - download the file from curl's site, save it somewhere, put the path to it in your php.ini.
ram

Author

Commented:
Ok, so I followed the guide but it's still giving me the same error.

I downloaded the "cacert.pem" file and copied it to my Apache server directory, and then I changed the openssl.cafile and curl.cainfo paths to point to the certificate.
ram

Author

Commented:
I was reading through forums and found this option:

    $mail->SMTPOptions = array(
        'ssl' => array(
            'verify_peer' => false,
            'verify_peer_name' => false,
            'allow_self_signed' => true
        )
    );


It worked. But I'm using this code only for testing. I will remove it before I submit our website to our web host. My question now is will the contact form work on our web host's server? I'm pretty sure they have up-to-date certificates, right?
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Tip: Trying to debug this in PHP... a serious time vortex...

Use SWAKS instead.

Once you can send a message via SWAKS, you'll know all your exact PHP settings for a successful send.
ram

Author

Commented:
Thanks for the tip David!

So do you think once I go live, this won't be an issue anymore?

What you've done to make it "work" is to disable TLS certificate checking, which undermines what you're using TLS for in the first place. Did you restart apache/php-fpm to be sure it picked up the php.ini changes? You can inspect them with phpinfo() or php -i on a command line. It's also possible to pass in a path to the CA bundle in the SMTPOptions array. Since this is a PHP config issue and not a code problem, testing using things other than PHP isn't likely to be very helpful.
ram

Author

Commented:
Like I said before, I'm only using the "fix" to test. I'm using it to skip the certificate verification just to make sure nothing else is wrong with my contact form. I'm not using it when I publish the website. Please read my previous comment.

I did restart Apache when I updated the certificate and it's still giving me the same error.

From my understanding, and please correct me if I'm wrong, it's my web development server that has a broken/outdated/bad certificate, correct? So when I publish the website on our web host's server, I shouldn't get the same error anymore, right?

No, it's nothing to do with your site's certificate. It's to do with validating the certificate presented by the mail server that your PHP script is connecting to. It may be that your dev server has an up to date CA bundle, but you can't tell without trying it. You can test by using a separate web or command line script that is not part of your site, so you don't need to update your contact form before you know.
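
A standalone check of the kind suggested in the replies above (a command-line script separate from the site), added here as an example and not taken from the thread or from PHPMailer: it prints which php.ini and CA bundle settings PHP actually loaded, then performs the STARTTLS handshake with certificate verification left on. The script name, host, port and CA path are placeholders.

```php
<?php
// Usage (placeholders): php tlscheck.php smtp.example.com 587 C:\path\to\cacert.pem
// Which php.ini and CA settings did this PHP binary actually load?
function caSettings(): array {
    $loc = openssl_get_cert_locations();
    return [
        'php.ini'           => php_ini_loaded_file() ?: '(none)',
        'openssl.cafile'    => ini_get('openssl.cafile') ?: '(not set)',
        'curl.cainfo'       => ini_get('curl.cainfo') ?: '(not set)',
        'default_cert_file' => $loc['default_cert_file'],
    ];
}

// Read one SMTP reply; "250-" continues a multi-line reply, "250 " ends it.
function smtpRead($fp): string {
    $out = '';
    while (($line = fgets($fp, 515)) !== false) {
        $out .= $line;
        if (strlen($line) < 4 || $line[3] === ' ') break;
    }
    return $out;
}

// STARTTLS with verification left ON; true only if the server's chain validates.
function probe(string $host, int $port, ?string $cafile): bool {
    $ssl = ['verify_peer' => true, 'verify_peer_name' => true,
            'allow_self_signed' => false, 'peer_name' => $host];
    if ($cafile !== null) $ssl['cafile'] = $cafile; // 'cafile' is also accepted in SMTPOptions['ssl']
    $ctx = stream_context_create(['ssl' => $ssl]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) { echo "connect failed: $errstr\n"; return false; }
    stream_set_timeout($fp, 10);
    smtpRead($fp);                                   // 220 greeting
    fwrite($fp, "EHLO localhost\r\n"); smtpRead($fp);
    fwrite($fp, "STARTTLS\r\n");
    if (strpos(smtpRead($fp), '220') !== 0) { fclose($fp); echo "STARTTLS refused\n"; return false; }
    // Same call that fails in class.smtp.php; its warning names the OpenSSL error.
    $ok = stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    fclose($fp);
    return $ok === true;
}

foreach (caSettings() as $k => $v) echo str_pad($k, 20), $v, "\n";
$args = $argv ?? [];
if (isset($args[1])) {               // no host given: report settings only, no network
    $cafile = $args[3] ?? null;
    if ($cafile !== null && !is_readable($cafile)) exit("CA file not readable: $cafile\n");
    echo probe($args[1], (int)($args[2] ?? 587), $cafile) ? "verify OK\n" : "verify FAILED\n";
}
```

If the probe passes only when the CA file is given as the third argument, the php.ini shown in the first line of output is not the one that was edited, or its openssl.cafile path is wrong.
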
ram

Author

Commented:
So what exactly should I do to fix this? Could you please give me more specific instructions? I know I'm supposed to do the legwork but I'm honestly lost so I'm not sure how to continue.

Read the PHPMailer troubleshooting guide, do the tests described in there. There's no point in me retyping it here.
ram

Author

Commented:
Thank you for all the help!
