当尝试使用phpMailer发送电子邮件时,在一直工作正常的生产服务器上突然开始出现以下错误:
电子邮件错误:HTTP错误:SMTP错误:无法连接到SMTP主机。连接失败。stream_socket_enable_crypto():SSL操作失败,代码为1。OpenSSL错误消息:错误:0A 000086:SSL例程::证书验证失败
在我的本地开发机器(它有匹配的Ubuntu、Apache、OpenSSL和php版本)上使用相同的邮件服务器和相同的phpMailer设置,以及在不同的服务器上使用相同的邮件服务器和相同的phpMailer设置,都可以正常工作。
以下是来自(非)发送服务器的echo QUIT | openssl s_client -crlf -starttls smtp -connect cwh5.canadianwebhosting.com:587的结果:
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
verify return:1
depth=0 CN = cwh5.canadianwebhosting.com
verify return:1
---
Certificate chain
0 s:CN = cwh5.canadianwebhosting.com
i:C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 4 00:00:00 2022 GMT; NotAfter: Feb 4 23:59:59 2023 GMT
1 s:C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
v:NotBefore: May 18 00:00:00 2015 GMT; NotAfter: May 17 23:59:59 2025 GMT
2 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
v:NotBefore: Jan 1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----我正在使用的PHPMailer测试代码:
$phpmailer->isSMTP();
$phpmailer->SMTPDebug = 2;
$phpmailer->SMTPAuth = true;
$phpmailer->SMTPSecure = "tls";
$phpmailer->Port = 587;
$phpmailer->Host = "cwh5.canadianwebhosting.com";
$phpmailer->Username = config::get('email_user');
$phpmailer->Password = config::get('email_pass');
$phpmailer->setFrom("info@mydomain.com", $_SERVER['SERVER_NAME']);
$phpmailer->addAddress("info@mydomain.com", "me");
$phpmailer->Body = "test email from $_SERVER[SERVER_NAME]";
$phpmailer->Subject = "phpmailer test";
$phpmailer->send();使用PHPMailer的phplist也存在此问题。
(非)发送服务器的详细信息
Ubuntu 22.04Apache2.4.52
开放SSL 3.0.2
PHP 8.1.2语言
php邮件服务器6.7.1
PHP信息OpennSSL部分x1c 0d1x
使用下面的解决方法是可行的,但由于这是一个生产环境,因此不是一个解决方案。
$phpmailer->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
)
);我尝试修改PHPMailer的stream_socket_enable_crypto以使用STREAM_CRYPTO_METHOD_TLS_CLIENT、STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT、STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT和STREAM_CRYPTO_METHOD_ANY_CLIENT,但没有成功。
有一件事我还没有尝试过,那就是手动下载证书并将openssl.cafile或openssl.capath值添加到php.ini中。我很犹豫是否要这样做,因为没有它它也能很好地工作(只需使用Openssl default config/usr/lib/ssl/openssl.cnf),而且它似乎增加了一层不希望的复杂性。
一个有趣的关联是,这是在服务器耗尽磁盘空间并崩溃的同一天开始的,我在重新启动服务器后也运行了apt update,我相信可能包含了一个小版本的php更新。
该问题似乎与Certificate verify failed SSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE中概述的问题非常相似,但那里的解决方案似乎是什么(过期的证书和/或标识为不同的域)
1条答案
按热度按时间bkkx9g8r1#
最后对我有效的解决方案是重新安装ca-certificates软件包:
第一个月
现在看起来很明显,但是我花了很长时间才弄明白。我希望这对某人有帮助!