Invoice Ninja 2.6.5 OpenSSL woes

Hi guys - I’m running 2.6.5 on the Bitnami stack. When I attempt to email an invoice I receive the following error:-

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

I have attempted to download the latest cacert.pem from and then pointing to openssl.cafile=/opt/bitnami/common/openssl/certs/cacert.pem in php.ini. After restarting the stack the same issue persists.

I’ve read around on the issue, and it seems that PHP 5.6+ enable verify_peer as default and there is no way of setting this option in php.ini anymore. Any ideas where I can modify the mailer code to allow me to fix this?

P.S - This issue does not appear to be related to my installed signed certificates for Apache2, as I have tested the certificate chain and it checks out fine.


Sorry, you’ll need to trace through the code.

In the past the two changes you’ve suggested have worked to solve the problem.

How is verify_peer configured in PHP 5.6? I’m looking to just set it to false

I believe you need to se it in the .ini file

Just did a grep for ‘verify_peer’ - Is this the file I should be modifying for the mailer function?



I’m sorry, I’m not familiar with our third party code.

I don’t see any option in my php.ini file in PHP 5.6 for disabling peer verification.

Maybe this will help…

Thanks - I’ve had a dig around, but I’m not competent enough with PHP to really know which file to modify. :confused:

I guess I could rollback to PHP 5.5 where the issue apparently doesn’t exist. I’d rather not however…

have you tried verifying your certificates with the openssl verify commands to verify your certificate. It will also verify you CSR.

Verify your Certificate file: openssl verify -CAfile fileName

If file failed verification message would look something like this: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
error 24 at 1 depth lookup:invalid CA certificate

But it would at least let you know if the Certificate isn’t corrupt

I switched my mail configuration settings across to a different provider (Gmail) and I was able to email invoices again. Previously I was using our Exchange 2013 server with a receive connector setup.

Oddly this setup worked without issues on a previous version of PHP. The Exchange SAN certificate checks out fine when performing tests on SSLLabs (chain is correct etc)

Not quire sure what openssl isn’t happy about with respect to my signed certificates from a trusted authority on Exchange 2013, I’ll have to do some more digging.

I’m pretty sure the cacert.pem isn’t corrupt as it’s a fresh download from


Thanks for sharing your solution.

This might not be exactly relevant to the previous case, but I found the issue was caused by SMTP Restrictions having been accidentally activated in WHM. As soon as this was disabled I was able to send again.

Hope that helps