Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

How to fix CA certificates issue on Debian 9
New on LowEndTalk? Please Register and read our Community Rules.

How to fix CA certificates issue on Debian 9

I had a Debian 8 VPS (OpenVZ) and it was working flawlessly. I am using mybb forum and it was able to send emails using 3rd party email service.

Then I moved my site to a new VPS running Debian 9 and ever since I am facing problem in sending emails. I suspect it has something to do with CA certificates because whenever I try to access any https based site using wget then I get error so I have to use "--no-check-certificate".

I don't know if it is due to Debian 9 or the problem is in how provider installed Debian 9 (I am Linux noob)

mybb is throwing following error message whenever it tries to send email.

When I use TLS to send email
Error: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086ConfusedSL routines:tls_process_server_certificate:certificate verify failed

When I use SSL to send email
Error: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086ConfusedSL routines:tls_process_server_certificate:certificate verify failedError: fsockopen(): Failed to enable cryptoError: fsockopen(): unable to connect to ssl://smtp.zoho.com:465 (Unknown error)Error: stream_set_timeout() expects parameter 1 to be resource, boolean given

Comments

  • apt-get install ca-certificates

    Thanked by 1alilet
  • aliletalilet Member
    edited January 2018

    @mksh said:
    apt-get install ca-certificates

    I got following error when I ran the command:

    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following additional packages will be installed:
    openssl
    The following NEW packages will be installed:
    ca-certificates openssl
    0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Need to get 725 kB/921 kB of archives.
    After this operation, 1752 kB of additional disk space will be used.
    Do you want to continue? [Y/n]
    Err:1 http://ftp.us.debian.org/debian stretch/main amd64 openssl amd64 1.1.0f-3
    404 Not Found
    E: Failed to fetch http://ftp.us.debian.org/debian/pool/main/o/openssl/openssl_1.1.0f-3_amd64.deb 404 Not Found
    E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

    It seems like both URL are no longer working. Seems strange!

    **EDIT **
    Ok I am able to fix it by running apt-get update and then apt-get upgrade. Certificates are now installed and outgoing mail is working. Thanks.

  • WSSWSS Member

    apt-get update && apt-get install ca-certificates && pay for managed hosting

  • @WSS said:
    apt-get update && apt-get install ca-certificates && pay for managed hosting

    Yup this did the trick. Thanks.

  • IshaqIshaq Member, Provider

    @WSS said: && pay for managed hosting

    -bash: pay: command not found

    [BudgetNode] DDoS Protected. 7 Locations (US/EU). Check out our latest offer!
  • WSS said: apt-get update && apt-get install ca-certificates && yes pay for managed hosting

    Corrected that for you. @Ishaq it should work nicely now ;-)

  • @WSS said:
    apt-get update && apt-get install ca-certificates && pay for managed hosting

    I am already paying for the internet aka managed hosting.

  • MrHMrH Member

    hacked in 3 2 1...

  • alilet said: I am already paying for the internet aka managed hosting.

    >

    Always welcome. ;) ;)

    Thanked by 1alilet

    https://www.24x7servermanagement.com, Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !!

  • @MrH said:
    hacked in 3 2 1...

    My server is behind 7 proxies. Besides first you need to write a program in Visual Basic to trace the IP.

    Thanked by 1Janevski
  • @alilet said:

    @MrH said:
    hacked in 3 2 1...

    My server is behind 7 proxies. Besides first you need to write a program in Visual Basic to trace the IP.

    nextgenhacker101 already did that for me. He called it "tracer tee":

    Thanked by 1alilet

    I like my uptime down low and my servers all hacked. Can see me droppin' twenty-fours with a router in the rack.
    Ya like ya Switch-Ports hot and ya servers all hacked. If ya pings real high and ya networks pitch black.

  • @alilet said:

    @MrH said:
    hacked in 3 2 1...

    My server is behind 7 proxies. Besides first you need to write a program in Visual Basic to trace the IP.

    Seven weeks, seven mountains, seven rivers, seven beds, seven chairs, seven pots, seven chamber pots, 7-up, seven dwarfs, seven proxies...

    Thanked by 1mksh

    You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?
    „Homo homini rattus.“ | It's not nightmare, it's reality, but it's still nightmare.

  • WSSWSS Member

    @alilet said:

    @MrH said:
    hacked in 3 2 1...

    My server is behind 7 proxies. Besides first you need to write a program in Visual Basic to trace the IP.

    Do you have stairs in your proxy?

  • jarjar Provider

    @alilet said:

    @MrH said:
    hacked in 3 2 1...

    My server is behind 7 proxies. Besides first you need to write a program in Visual Basic to trace the IP.

    My friend who hacked his jr high school network to change his grades says he hacked your IP hard drive and knows what you did last summer.

    Thanked by 3Aidan MrH cassa

    Founder @ MXroute

  • mkshmksh Member
    edited January 2018

    @choiminzi said:
    It seems like both URL are no longer working. Seems strange!

    **EDIT **
    Ok I am able to fix it by running apt-get update and then apt-get upgrade. Certificates are now installed and outgoing mail is working. Thanks.

    There is nothing strange about this. It just means your package lists are quite out of date. That's why apt-get update fixes it. It also hints at you not updating regularly which can prove to be fatal given the right circumstances.

    Thanked by 1alilet
Sign In or Register to comment.