Installing SSL gives me PHP errors


#1

BLUF: Cockpit works well without SSL. Installing SSL gives me PHP errors. Why?


My System:

  • MacOS Mojave
  • Apache 2.4
  • PHP 7.3

The Background:

I installed Cockpit and built a front end in two separate folders with virtual hosts.

  • Cockpit CMS
    • Located in project-folder/cms/
    • Virtual host: cms.project-folder.test
  • Front end files (PHP, CSS, JS)
    • Located in project-folder/site/
    • Virtual host: project-folder.test

I created some content in Cockpit, and displayed the content in my front end via PHP. This works.

Then I wanted to use SSL…

The Problem:

  1. I installed SSL certs in project-folder/certs and project-folder/certs/cms, and configured them in my virtual hosts config file.

  2. I added the certs to my Keychain, and SSL works. I know it’s configured correctly, as I’m successfully using the same method for 4 other sites with no problem.

  3. I setup SSL in .htaccess files in both the cms and site folders.

    1. /project-folder/site/.htaccess:

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      
    2. /project-folder/cms/.htaccess:

      I followed the existing rewrite code in Cockpit’s .htaccess:

      # URL rewrites
      <IfModule mod_rewrite.c>
      
          Options -MultiViews
      
          RewriteEngine On
          # RewriteBase /
      
          # Protect some contents
          RewriteRule ^.*/?\.git+ - [F,L]
      
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteRule .* index.php [L]
      
      </IfModule>
      

      with this code:

      # SSL
      <IfModule mod_rewrite.c>
      
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      
      </IfModule>
      

Now when I open cms.project-folder.test it correctly redirects to https://cms.project-folder.test and I can login to Cockpit without issues.

When I want to view the front end, when I open project-folder.test it correctly redirects to https://project-folder.test, but instead of loading content from Cockpit, I get several error messages like this:

The Error Message:

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in
  1. Does Cockpit work with SSL?
  2. Does it seem like my SSL is configured wrong in .htaccess?
  3. Does it seem like the problem is in my PHP (even though it works fine without SSL)?

#2

Hi,

I didn’t ever experience any issues with ssl enabled websites. where does the error occur on https://cms.project-folder.test or https://project-folder.test?

It looks like a server/php configuration issue. Maybe this article helps https://stackoverflow.com/questions/32211301/ssl-error-ssl3-get-server-certificatecertificate-verify-failed :man_shrugging:


#3

where does the error occur?

https://project-folder.test

Thanks for the StackOverflow link. I did come across that earlier, but I’m not really sure what I would change in my setup.

Dumb question – Is Cockpit tested on PHP 7.3?


#4

@paulshryock, I did not perform any exhaustive tests, but it seems running pretty well for me, I’m using https://github.com/wodby/php, however, a check on https://github.com/php/php-src/blob/PHP-7.3/UPGRADING for backward incompatibilities should be performed.


#5

Found first issue with 7.3 - Seems that PHPMailer needs to be updated as it raises some deprecation messages - https://github.com/PHPMailer/PHPMailer/issues/1548