Invoice Ninja 2.6.5 OpenSSL woes

Hi guys - I’m running 2.6.5 on the Bitnami stack. When I attempt to email an invoice I receive the following error:-

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

I have attempted downloading the latest cacert.pem from http://curl.haxx.se/ca/cacert.pem and then pointing to openssl.cafile=/opt/bitnami/common/openssl/certs/cacert.pem in php.ini. After restarting the stack the same issue persists.

I’ve read around on the issue, and it seems that PHP 5.6+ enables verify_peer by default and there is no way of setting this option in php.ini anymore. Any ideas where I can modify the mailer code to allow me to fix this?

P.S - This issue does not appear to be related to my installed signed certificates for Apache2, as I have tested the certificate chain and it checks out fine.

Thanks

Sorry, you’ll need to trace through the code.

In the past the two changes you’ve suggested have worked to solve the problem.

How is verify_peer configured in PHP 5.6? I’m looking to just set it to false

I believe you need to set it in the .ini file

Just did a grep for ‘verify_peer’ - Is this the file I should be modifying for the mailer function?

htdocs/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php

Thanks

I’m sorry, I’m not familiar with our third party code.

I don’t see any option in my php.ini file in PHP 5.6 for disabling peer verification.

Maybe this will help…

https://github.com/swiftmailer/swiftmailer/issues/544

Thanks - I’ve had a dig around, but I’m not competent enough with PHP to really know which file to modify. :confused:

I guess I could rollback to PHP 5.5 where the issue apparently doesn’t exist. I’d rather not however…

Have you tried verifying your certificates with the openssl verify commands to verify your certificate? It will also verify your CSR.

Verify your Certificate file: openssl verify -CAfile fileName

If the file failed verification, the message would look something like this:

server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
error 24 at 1 depth lookup:invalid CA certificate

But it would at least let you know if the Certificate isn’t corrupt
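
The `openssl verify` check suggested above, run end to end on a constructed chain (an added example, not part of the original thread; the CA names, file names and helper functions are made up for illustration). It shows one common cause of `certificate verify failed`: a leaf that validates only when its intermediate is supplied, so a server that sends the leaf alone fails verification even though the certificate itself is valid.

```shell
#!/bin/sh
# Constructed throwaway PKI (all names made up): root CA -> intermediate CA -> leaf.

# Minimal OpenSSL config so the example does not depend on the system openssl.cnf.
write_cnf() {
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' > "$1"
}

# new_csr DIR NAME CN: generate an RSA key and a CSR for the given common name
new_csr() {
  openssl req -new -config "$1/o.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_pki DIR: build root.pem, int.pem and leaf.pem in DIR
make_pki() {
  d=$1
  write_cnf "$d/o.cnf"
  new_csr "$d" root "Example Root CA"
  new_csr "$d" int  "Example Intermediate CA"
  new_csr "$d" leaf "mail.example.test"
  # Self-signed root carrying the CA extensions
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/o.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null
  # Intermediate signed by the root, also marked as a CA
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
    -days 2 -extfile "$d/o.cnf" -extensions ca -out "$d/int.pem" 2>/dev/null
  # Leaf signed by the intermediate, no CA extensions
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
    -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# chain_ok CAFILE CERT [INTERMEDIATES]: true only if openssl reports "<cert>: OK"
chain_ok() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

demo() {
  d=$(mktemp -d) && make_pki "$d" || return 1
  chain_ok "$d/root.pem" "$d/leaf.pem" && echo "leaf alone: OK" || echo "leaf alone: FAILED (no issuer found)"
  chain_ok "$d/root.pem" "$d/leaf.pem" "$d/int.pem" && echo "leaf + intermediate: OK"
  rm -rf "$d"
}
demo
```

For a live mail server, `openssl s_client -starttls smtp -showcerts -connect HOST:PORT` (HOST:PORT is a placeholder) prints the chain the server actually sends, which is what PHP's peer verification sees.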

I switched my mail configuration settings across to a different provider (Gmail) and I was able to email invoices again. Previously I was using our Exchange 2013 server with a receive connector setup.

Oddly this setup worked without issues on a previous version of PHP. The Exchange SAN certificate checks out fine when performing tests on SSLLabs (chain is correct etc)

Not quite sure what openssl isn’t happy about with respect to my signed certificates from a trusted authority on Exchange 2013, I’ll have to do some more digging.

I’m pretty sure the cacert.pem isn’t corrupt as it’s a fresh download from http://curl.haxx.se/ca/.

Thanks

Thanks for sharing your solution.

This might not be exactly relevant to the previous case, but I found the issue was caused by SMTP Restrictions having been accidentally activated in WHM. As soon as this was disabled I was able to send again.

Hope that helps
