Strange cURL error 60 on kinsta

My domain is: https://www.supereight.net

I ran this command: Our site is hosted on kinsta.com. Their bot updated our SSL (letsencrypt) on Sunday. Since then I get the below error when running a WordPress plugin that previously worked fine. The strange thing is that when I check the SSL certificate it comes back fine and valid. So, is it possible that something else could cause this error about the SSL? I spoke to Kinsta support and they say it is not possible for the SSL to be self-signed. I am completely stumped!

It produced this output: cURL error 60: SSL certificate problem: self signed certificate

My web server is (include version):

The operating system my web server runs on is (include version): Nginx

My hosting provider, if applicable, is: Kinsta.com

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, kinsta.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Hi,

I also don't think that error message make sense if it was referring to your website. However, since it's related to one specific WordPress plugin, it might be better if you contact their support team or open a thread in WordPress.org plugin directory.

3 Likes

I can't reproduce your error from my end. Are you connecting to the right IP address? (35.242.143.237)

And could you please give the entire output of the curl command? Including the command used?

4 Likes

I concur with @stevenzhu and @Osiris.


Although curl is returning a
HTTP/1.1 410 Gone
and
HTTP/2 410
Which I am not used to seeing.

1 Like

Hi @skullo27

checking your domain there is no critical problem visible - https://check-your-website.server-daten.de/?q=supereight.net#portchecks

No one of the typical additional ports are open, only SSH answers:

supereight.net
22
SSH
open
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3

Is it possible that this addon uses a special port, there with a self signed certificate?

Your ip address sends

CN=*.kinsta.com, OU=EssentialSSL Wildcard, OU=Domain Control Validated
	03.10.2018
	01.01.2021
expires in 66 days	*.kinsta.com, kinsta.com - 2 entries

connecting via https, so there is no self signed.

2 Likes

Hi thanks for the quick reply. I do apologise, I am new to this forum and I am not that technical. The plugin is a WordPress plugin called WP All Import. Our host said to speak to the plugin dev, we did, they gave us a workaround and said speak to the host saying it looks like invalid certificate chain. So both pointing fingers at each other like normal! This is strange as it is an import plugin importing a CSV data file on a URL from our domain. It just complains about cURL. Obviously, we have ruled out plugin conflicts etc, and thought I'd post here to see if anyone had seen such a thing before in case it was related to the SSL as this is the only that has changed in our set up since I before we started getting the error (no plugin or code updates etc.).

2 Likes

Is the CSV file also hosted on the hostname you provided? On www.supereight.net or supereight.net? Because SSLLab also think your host served complete certificate chain... So i don't think there is any issue from the public facing side. It's really interesting that curl is returning 410 Gone instead of regular content.


1 Like

Without details we can't help you.. We can only just make some wild guesses.. Very wild..

If you want our help, I recommend you share more details: the problematic URL for one would help. And more verbose logging of the curl error: the complete command and output.

1 Like

But I do so LIKE guessing wildly - LOL

In this case (until actual facts are known), I guess...
There is an "SNI" type problem (or lack thereof) - without which "the wrong cert" is being presented.
But that is, of course, is just a wild guess (I guess) for now.

READERS: Get involved. Be heard. Do your part with: If you read something you like, then like it :heart:

1 Like

Hi, I do apologise, as I say I am new, not that technical and just looking for help. I understand it is impossible to help me without details as you do not know my set up. So...

  • I cannot give a URL as it is only presenting itself as an error in the admin area of WordPress, not the front end. The plugin "WP All Import" itself is only for admin functionality anyway.
  • Regarding logging, there is nothing appearing in the wordpress debug log and our host has not seen anything unusual in their logs.
  • Input/output: I did give the error message, that is the only output I can see, regarding the complete input command, I am unsure of what exactly to provide for this.

What I can say, is that it is trying to import data from a file that is stored at our domain, so for example https://www.supereight.net/somedirectory/somedatafile.csv. Interestingly, I do not get the cURL SSL error if I retrieve the file using a local file path, so for example /www/mydomain/somedirectory/somedatafile.csv. So it seems there is something funny about a full URL rather than a local path.

I also tried using a custom cert. from ZeroSSL and got the same error, so maybe this is not unique to Lets Encrypt. Maybe the SSL error is a red herring...

I hope that info helps.

Thanks.

1 Like

Perhaps you should ask the developers of WP All Import for guidance. Perhaps there's a setting for the plugin that makes it log more info or something like that.

And I see after the ZeroSSL cert you issued another Let's Encrypt certificate, even when you got the exact same certificate on the 27th.. Please be more mindful about the Let's Encrypt resources: every certificate issued costs load on the infrastructure. It should have been possible to use the previous certificate. (This also counts for the three certificates issued on the 26th and 25th....)

1 Like

Hi, yes I did reach out to WP All Import, they said it was an SSL problem and I should speak to the host.

I am sorry about the resource usage, although this is not possible as the certificate is issued by our host and there is only the option to add a new one, just reuse the previous. I think they are integrated directly with Lets Encrypt.

Could you perhaps explain more about the above? I'm not familiair with this plugin at all. You've given an example, but that example probably wouldn't result in the error, as your certificate is fine. Can you give more information about how the WP All Import plugin has been setup? What the current settings are? What files are currently being imported et cetera?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.