Curl ssl error

I’m running a site on WordPress; one of the plugins tries to use an RSS feed to pull the latest episodes down. It worked fine with the current website (phlogger.co.uk), host and Cloudflare in tandem until this week.

Now getting this error:
cURL error 60: SSL certificate problem: certificate has expired

Spoke to my website hosting provider and they said the proxy certificate has expired, which means Cloudflare. I don’t understand where this is. Can anyone help?

I haven’t been able to reproduce this problem. What’s the easiest way to do that?

Hi

The only way I know is in my WordPress site; I run a plugin that syndicates new podcast episodes. Have no issues elsewhere.

My website host put this:

Please note phlogger.co.uk is using Cloudflare and the visible certificate is the Cloudflare one.
Also, it seems the proxy certificate is throwing that error.

You might need to use a separate certificate on the server.

Basically, Cloudflare secures the half connection between browsers and Cloudflare, you need another one covering the connection between Cloudflare and the server.

So if we start with the certificate presented to the visitor by Cloudflare, that one looks alright to me. Then your host appears to suggest that the certificate on your server is somehow invalid. I can’t check that, but depending on the encryption mode configured in the Cloudflare dashboard (SSL/TLS) traffic might very well be passed successfully despite the status of your own server certificate.

Moving on to WordPress, that is definitely not my area of expertise. But if the plugin somehow connects to your server directly (to update some WP content?), then an expired certificate on your server could be problematic. Maybe the next step would be to confirm that the certificate on your server actually has a problem. Are you somehow managing the certificate yourself or can you ask your host?

Edit to add: You might also ask yourself, is this error caused by my certificate? It’s not clear where this plugin is connecting.

Thanks for your reply and time.

I have tried different SSL settings in Cloudflare; if I switch off the proxy setting it says it’s like a year out of date or similar.

I doubt it’s the plugin as that reads an RSS feed to upload a new article.

The host said they could sort the SSL if I turn off the proxy. Problem is that was days ago and no pages work if I leave it off.

Let’s see if I’m on the right track. As far as I understand, your visitors are not experiencing any issues? The expired certificate message is only something you see when you work with this plugin?

Hi

Yes, spot on thinking: the plugin (PowerPress) reads the RSS feed (see image attached) and creates a standard WordPress post. I’ve run curl commands on my website and the URL of my podcast feed https://anchor.fm/s/3417154/podcast/rss. They both show valid certs.

It’s why I’m confused.

Right. Then my theory is that there’s nothing wrong with your website, meaning that there is no reason to modify the Cloudflare encryption mode to use/not use the server certificate or remove the proxy functionality as suggested by the host. It’s a long shot, but I noticed that anchor.fm uses a Let’s Encrypt certificate. I’m not familiar with the details, but I’ve read about some expiring Let’s Encrypt root or intermediate certificate here and elsewhere the last few days. It could be that your server is affected by that. Otherwise PowerPress must be doing some internal connection on your server, like talking to “localhost”, because if it talked to your .co.uk domain it shouldn’t have an issue with the certificate.

Hi mate

Thanks so much for trying to help.

I’ve run curl commands on all websites involved and all look fine including anchor.fm - if it was them there would be tens of thousands of people having issues (including some very famous people).

PowerPress just uses the RSS to create the post; I don’t think it will be looking internally at all - as the podcast is hosted with anchor, but you never know.

It’s confusing and annoying as I can’t publish the latest podcast without it!

You ran the curl commands from your computer, I guess? I don’t know what kind of server access you have, but it would be interesting to troubleshoot it in the same way from a command line there (SSH connection or similar). Since the Let’s Encrypt thing appears to affect certain clients, I think it’s more about what your server (well, the curl application/library) and that particular installation trusts in terms of certificate issuers.

Regarding post creation, I have no idea how it works to be honest but I imagined it might connect to the WordPress API to add a post. Might not at all be how it works.
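The last reply suggests checking what the server itself trusts rather than what a desktop curl trusts. As an added example (not part of the original thread, and not code from Cloudflare, WordPress or PowerPress), this Python script lists CA certificates in a trust store that have already expired. The function names and the sample entries are constructed for illustration, and which CA bundle the failing client on the server actually reads is an assumption you need to confirm.

```python
import ssl
import sys
import time

# Constructed sample in the dict format returned by SSLContext.get_ca_certs().
SAMPLE_CAS = [
    {"subject": ((("organizationName", "Example Trust"),),
                 (("commonName", "Example Expired Root"),)),
     "notAfter": "Oct 15 12:00:00 2020 GMT"},
    {"subject": ((("commonName", "Example Current Root"),),),
     "notAfter": "Oct 15 12:00:00 2035 GMT"},
]
SAMPLE_NOW = 1633046400  # 2021-10-01 00:00:00 UTC, fixed so the sample is repeatable


def subject_name(cert):
    """Pick a readable name (CN, else O) from a certificate dict's subject."""
    # subject is a tuple of RDNs, each RDN a tuple of (key, value) pairs
    fields = {key: value for rdn in cert.get("subject", ()) for key, value in rdn}
    return fields.get("commonName") or fields.get("organizationName") or "<unnamed>"


def expired_cas(ca_certs, now=None):
    """Return (name, notAfter) for every CA certificate whose notAfter has passed."""
    now = time.time() if now is None else now
    return [(subject_name(c), c["notAfter"]) for c in ca_certs
            if "notAfter" in c and ssl.cert_time_to_seconds(c["notAfter"]) < now]


def load_trusted_cas(cafile=None):
    """Load a PEM bundle, or the system default store when cafile is None.

    Certificates that live only in a hashed capath directory are not listed
    by get_ca_certs() until they have been used, so pass the bundle file
    explicitly when the default store comes back empty.
    """
    context = ssl.create_default_context(cafile=cafile)
    return context.get_ca_certs()


if __name__ == "__main__":
    bundle = sys.argv[1] if len(sys.argv) > 1 else None
    cas = load_trusted_cas(bundle)
    print(f"{len(cas)} CA certificates loaded from {bundle or 'system default store'}")
    for name, not_after in expired_cas(cas):
        print(f"EXPIRED: {name} (notAfter {not_after})")
```

Run it on the server over SSH, passing the path of the CA bundle used by the client that reports cURL error 60. An expired entry is a lead to follow up with the host, not proof of the cause.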