admin管理员组文章数量:1327661
I have upgraded my Multisite setup WordPress to 3.6.1. And after that, when I do Network Upgrade > Database Upgrade
it's showing:
Warning! Problem updating
. Your server may not be able to connect to sites running on it.
Error message: Peer certificate cannot be authenticated with known CA certificates
What happened please?
Info
- I'm currently running the Site under Trusted Wildcard SSL (not self-signed), but installed on the Load-balancer only. (Apache Servers doesn't (need to) have the Cert installed, apparently.) Is this the root cause?
- The Database is at Amazon RDS (with the default settings) which is not with SSL there. *
I have upgraded my Multisite setup WordPress to 3.6.1. And after that, when I do Network Upgrade > Database Upgrade
it's showing:
Warning! Problem updating
http://www.example/site1
. Your server may not be able to connect to sites running on it.Error message: Peer certificate cannot be authenticated with known CA certificates
What happened please?
Info
- I'm currently running the Site under Trusted Wildcard SSL (not self-signed), but installed on the Load-balancer only. (Apache Servers doesn't (need to) have the Cert installed, apparently.) Is this the root cause?
- The Database is at Amazon RDS (with the default settings) which is not with SSL there. *
9 Answers
Reset to default 1If possible, you should try and fix the cause of this error - invalid SSL certificates. But there are some instances where this is not possible or desirable. One obvious one being development sites using a self-signed SSL certs.
One way around this is to set $ssl_verify to false before line 1161 of wp-includes/class-http.php:
curl_setopt( $handle, CURLOPT_SSL_VERIFYHOST, ( $ssl_verify === true ) ? 2 : false )
The way I've done this in the past is by adding:
$ssl_verify = false;
To line 1159, before doing a multi-site upgrade and removing it afterwards. It looks like there should be much more sophisticated way of doing this. It looks from the code around it that judging by the code around it that you should be able to parse paramater sslverify=false but that doesn't appear to work (probably because the upgrade wrapper doesn't pass through the parameters).
To avoid making changes to Core I would un-do this change once you have completed the upgrade.
I don't know if this will help or not, but worth a try. Create a Must Use plugin and drop this lines, see code comments:
<?php
/* Plugin Name: Network upgrade exception */
// Run only in the Upgrade screen
add_action( 'load-upgrade.php', 'add_filter_wpse_115279' );
function add_filter_wpse_115279()
{
add_filter( 'http_request_args', 'apply_filter_wpse_115279', 10, 2 );
}
// http://core.trac.wordpress/browser/tags/3.6.1/wp-admin/network/upgrade.php#L68
// wp_remote_get( $upgrade_url, array( 'timeout' => 120, 'httpversion' => '1.1' ) );
// This function will end up calling WP_Http class, where we can use the filter http_request_args
function apply_filter_wpse_115279( $args, $url )
{
# Adjust var <----------------------------------
$ms_domain_to_check = 'http://example/site1/';
if( FALSE !== strpos( $url, $ms_domain_to_check ) )
{
$args['sslverify'] = false;
}
return $args;
}
/**
* Full list of arguments in
* http://core.trac.wordpress/browser/tags/3.6.1/wp-includes/class-http.php#L84
$defaults = array(
'method' => 'GET',
'timeout' => apply_filters( 'http_request_timeout', 5),
'redirection' => apply_filters( 'http_request_redirection_count', 5),
'httpversion' => apply_filters( 'http_request_version', '1.0'),
'user-agent' => apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . get_bloginfo( 'url' ) ),
'reject_unsafe_urls' => apply_filters( 'http_request_reject_unsafe_urls', false ),
'blocking' => true,
'headers' => array(),
'cookies' => array(),
'body' => null,
'compress' => false,
'decompress' => true,
'sslverify' => true,
'stream' => false,
'filename' => null,
'limit_response_size' => null,
);
*/
That error is probably due the use of cURL in the Wordpress multisite updating proccess. By default cURL will try to verify the SSL certificate with an accepted CA in a bundled set of CA certificates.
You have at least four options:
Make sure you are using the last version of cURL in your PHP installation to ensure the set of used CA is updated.
Manually set the path to your SSL certificate:
curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($AuthNetConn, CURLOPT_CAINFO, "path:/ca-bundle.crt");
Bypass the SSL verification:
curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, false);
Check your SSL certificate is valid and issued by an accepted CA.
For options 2 and 3 you may need to filter the arguments used by WordPress to make the http requests.
See @brasofilo's answer, it may work.
Anyway, you should investigate why the verification of the SSL is failing instead of just bypassing it.
In many cases, you may use the following filter to disable local ssl verification. This is useful for self-signed certificates errors.
add_filter('https_local_ssl_verify', '__return_false');
The current version v4.3.0 determins if a request is "local" with the following, in wp-includes/class-http.php
// Determine if this request is to OUR install of WordPress.
$homeURL = parse_url( get_bloginfo( 'url' ) );
$r['local'] = 'localhost' == $arrURL['host'] || ( isset( $homeURL['host'] ) && $homeURL['host'] == $arrURL['host'] );
unset( $homeURL );
In some cases, the local consideration may not work, in which case you may consider the more inclusive filter, add_filter('https_ssl_verify', '__return_false');
Multisite installations with mixed http
and https
schemes may find more information on trac, upgrade.php fails with mixed HTTPS (SSL) and simple HTTP sites
Regardless, a manual workaround is to visit each child site's /wp-admin/upgrade.php
Another related description, http://scottnelle/683/ssl-error-upgrading-wordpress-multisite-network/
It is possible to upgrade/update the database for each child site individually by visiting:
https://rootsite/subsite/wp-admin/upgrade.php
See also related core trac ticket, Database is not upgraded in multisite if loopback is disabled
As mentioned before Scott Nelle suggests this:
Create a file in wpcontent/mu-plugins/
and name it something like network-upgrade-ignore-ssl.php
. Put the following in the file:
<?php
add_filter('https_ssl_verify', '__return_false');
add_filter('https_local_ssl_verify', '__return_false');
?>
On a WordPress multisite instance at AWS EC2 Hosting we got a similar problem, of curl6 while updating the network after adding a new site, to the WP and the DNS records with an " A " Record resolving at the same networks static ip.
Actually this was very simple it was just the Database Transits that were causing these issues we used the free version of WP-Optimize to Run All Optimizations, then upgraded the Network and this worked.
Modifying core files with $ssl_verify = false; (Not Recommneded)
was not a solution for us as we are using Google AMP Native " Standard Mode " which needs SSL to be verified at every point.
for SSL we are using the Really Simple SSL ( Free ) that too is to be activated on the URL for better use.
Thanks.
I am using Wordpress 3.8.1 and I changed line 67 of wp-admin/network/upgrade.php and added , 'sslverify' => false like this:
--- a/wp-admin/network/upgrade.php 2014-03-29 14:31:28.081943490 +0100
+++ b/wp-admin/network/upgrade.php 2014-03-29 14:30:52.785947460 +0100
@@ -64,7 +64,7 @@
$upgrade_url = admin_url( 'upgrade.php?step=upgrade_db' );
restore_current_blog();
echo "<li>$siteurl</li>";
- $response = wp_remote_get( $upgrade_url, array( 'timeout' => 120, 'httpversion' => '1.1' ) );
+ $response = wp_remote_get( $upgrade_url, array( 'timeout' => 120, 'httpversion' => '1.1', 'sslverify' => false ) );
if ( is_wp_error( $response ) )
wp_die( sprintf( __( 'Warning! Problem updating %1$s. Your server may not be able to connect to sites running on it. Error message: <em>%2$s</em>' ), $siteurl, $response->get_error_message() ) );
do_action( 'after_mu_upgrade', $response );
This way the verification is only disabled in this specific case and with a patch file you can easily apply the changes after an upgrade:
# go to the directory with wp-admin/ in it
cd wordpresshomedir
# without --dry-run if there are no errors
patch --dry-run -p1 < ../disable-sslverify.patch
The right solution is checking the server TIME. If it is wrong SSL doesn't work fine.
本文标签: Multisite database upgrade SSL error
版权声明:本文标题:Multisite database upgrade SSL error 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742229803a2437011.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论