CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviContribute (Moderator: Donald Lobo) »
  • All donations failing with error "unable to get local issuer certificate" SOLVED
Pages: [1]

Author Topic: All donations failing with error "unable to get local issuer certificate" SOLVED  (Read 2035 times)

Sean Madsen

  • I post occasionally
  • **
  • Posts: 98
  • Karma: 5
  • CiviCRM implementer/developer
    • Bikes Not Bombs
  • CiviCRM version: 4.6
  • CMS version: Drupal 7
All donations failing with error "unable to get local issuer certificate" SOLVED
March 01, 2015, 09:37:57 am
A donor alerted me that she encountered an error when attempting to make a donation. I'm able to reproduce it consistently and it seems that all financial transactions are failing with this error message:

Payment Processor Error message
60: SSL certificate problem: unable to get local issuer certificate

The most recent online donation made was 2 weeks ago, and based on the volume of donations we normally process, I'd say this problem has likely been present for almost two weeks without anyone informing us. I can not think of any changes to our server or Civi installation that I've made in the past two weeks.

We are using Authorize.net. They don't have phone support today, but if I'm not able to resolve this soon I'll be calling them first thing tomorrow.

Worth noting that recurring donations through Authorize.net are continuing to succeed and automatically post to CiviCRM.

Nothing appears in the CiviCRM log when I attempt to make a donation.

Googling has led me to some pages about making sure I have php configured to work with curl. Yep. I have php5-curl installed and I see "cURL support enabled" when viewing a phpinfo() page.

My SSL certificate is valid for another year and a half. Site is https://bikesnotbombs.org


Registration was scheduled to open today for a huge event, and now we're delaying it due to this issue, so I'd really appreciate any advice! I will keep pounding my head against a wall but I'd love to have some other ideas for things to try here!!


Running Civi 4.5.5 on Drupal 7.34 on Ubuntu 14.04.1 LTS
« Last Edit: March 02, 2015, 06:23:35 am by Sean Madsen »

Sean Madsen

  • I post occasionally
  • **
  • Posts: 98
  • Karma: 5
  • CiviCRM implementer/developer
    • Bikes Not Bombs
  • CiviCRM version: 4.6
  • CMS version: Drupal 7
Re: Help!! All donations failing with error "unable to get local issuer certificate"
March 01, 2015, 01:18:03 pm
Still not solved. Here are some things I've tried so far as I continue to troubleshoot...
  • Restarted server -- then same behavior
  • sudo aptitude remove php5-curl -- then different error msg when submit contrib ("Payment Processor Error message 9001: Authorize.Net requires curl with SSL support")
  • curl -sv https://www.authorize.net > test from line -- successfully connects with SSL to Authorize.net website and downloads home page. Interesting. 
  • Edit /etc/php5/fpm/php.ini and changed ;curl.cainfo = (commented out) to curl.cainfo = /home/sean/Entrust.netCertificationAuthority2048.pem which the root cert for Authorize.net's CA that I downloaded


Really at my wits end here!! Need more things to try!!!

Hershel

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4640
  • Karma: 176
    • CiviHosting
  • CiviCRM version: Latest
  • CMS version: Mostly WordPress and Drupal
Re: Help!! All donations failing with error "unable to get local issuer certificate"
March 02, 2015, 05:55:53 am
Did you try testing PHP's curl? See

http://www.experts-exchange.com/Networking/Protocols/SSL/Q_28492335.html

More ideas specific to Ubuntu here also:

http://serverfault.com/questions/417038/why-is-my-new-ubuntu-12-04-unable-to-verify-a-verisign-ssl-certificate
CiviHosting and CiviOnline -- The CiviCRM hosting experts, since 2007

See here for the official: What to do if you think you've found a bug.

Sean Madsen

  • I post occasionally
  • **
  • Posts: 98
  • Karma: 5
  • CiviCRM implementer/developer
    • Bikes Not Bombs
  • CiviCRM version: 4.6
  • CMS version: Drupal 7
Re: Help!! All donations failing with error "unable to get local issuer certificate"
March 02, 2015, 06:21:50 am
YES!!!!!!

Hershel you are a life saver!

This did it for me (from the second link you gave)

sudo update-ca-certificates --fresh

Very confused as to how this problem originated. Any ideas? I have unattended upgrades turned on for Ubuntu, and there were some upgrades applied during the window of time when I know the problem began. But other than that, I've changed basically nothing about the server. Crossing my fingers that it doesn't come back! Are there steps I should take to prevent this from happening again in the future?
« Last Edit: March 02, 2015, 06:24:08 am by Sean Madsen »

Hershel

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4640
  • Karma: 176
    • CiviHosting
  • CiviCRM version: Latest
  • CMS version: Mostly WordPress and Drupal
Re: Help!! All donations failing with error "unable to get local issuer certificate"
March 02, 2015, 06:25:55 am
Quote from: Sean Madsen on March 02, 2015, 06:21:50 am
Very confused as to how this problem originated. Any ideas? 

One of a thousand things went wrong--very hard to know. Don't ask me if I recommend Ubuntu for a webserver, however, or what we can do to fix this.

Quote from: Sean Madsen on March 02, 2015, 06:21:50 am
  Are there steps I should take to prevent this from happening again in the future?

I told you not to ask about that. ;)

I don't recommend Ubuntu for a webserver (nor for anything for that matter).

If you have reasons for yes using it, then it could well be that you have things set up right. Something may have gone wrong (what is known as a hiccup) and it may just never happen again. Very hard to know. :(
CiviHosting and CiviOnline -- The CiviCRM hosting experts, since 2007

See here for the official: What to do if you think you've found a bug.

mdlueck

  • Ask me questions
  • ****
  • Posts: 382
  • Karma: 4
  • CiviCRM version: 4.7.24
  • CMS version: Drupal 6.x
  • MySQL version: 5.5.54
  • PHP version: 5.3.10
Re: Help!! All donations failing with error "unable to get local issuer certificate"
March 19, 2015, 06:23:15 pm
Quote from: Sean Madsen on March 02, 2015, 06:21:50 am
I have unattended upgrades turned on for Ubuntu

I suspect Ubuntu for what ever reason does not periodically call the above mentioned command to refresh the security certs.

That command will download updated security certs directly and bypass what is available from the Ubuntu repository... sort of forking off to unmanaged / newer / latest files.

Quote from: Sean Madsen on March 01, 2015, 09:37:57 am
My SSL certificate is valid for another year and a half. Site is https://bikesnotbombs.org

Oh, and it is not your site's cert which was in error. It is the certs your server caches down to use to communicate security to your CC gateway... server to server, not your server to someone with a web browser contacting your server. Your cert is only used for the latter communication, the former one is as if your server is a client to your CC gateway's server.

I am thankful,
« Last Edit: March 19, 2015, 06:28:17 pm by mdlueck »
--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviContribute (Moderator: Donald Lobo) »
  • All donations failing with error "unable to get local issuer certificate" SOLVED

This forum was archived on 2017-11-26.