PHPMailer - OpenSSL Error

Question

Based on the example that PHPMailer provides i have the script below,

date_default_timezone_set('Etc/UTC');
require './PHPMailerAutoload.php';
$mail = new PHPMailer;
$mail->isSMTP();
$mail->SMTPDebug = 2;
$mail->Debugoutput = 'html';
$mail->Host = 'smtp.gmail.com';
$mail->Port = 587;
$mail->SMTPSecure = 'tls';
$mail->SMTPAuth = true;
$mail->Username = "myemail@example.com";
$mail->Password = "********";
$mail->setFrom('myMail@example.com', 'First Last');
$mail->addReplyTo('myEmail@example.com', 'First Last');
$mail->addAddress('toEmail@example.com', 'first last');
$mail->Subject = 'PHPMailer GMail SMTP test';
$mail->Body = "example";
$mail->AltBody = 'This is a plain-text message body';

if (!$mail->send()) {
echo "Mailer Error: " . $mail->ErrorInfo;
} else {
echo "Message sent!";
}

Even if that is the exactly the same as the original example, i cannot get it to work.

The error that i get is

Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /opt/lampp/htdocs/webmail_client_practise/class.smtp.php on line 344 SMTP Error: Could not connect to SMTP host.

Notice: The OpenSSL extension in my php.ini file is already opened.

Answer 1

In my case, the problem was with the server network configuration, and there was no local reference to the provided certificate's signing authority. The server was not allowed to connect to the internet, thus it could not verify the certificate validity with the provided trusted Certificate Authority (CA) list. In this case, the PHP openSSL module tries to validate the cert using the OS-managed cert stores, or with a the specified CA list file.

There are three solutions for this problem:

1. Obviously, you can create a rule in your firewall, to enable the online validation process to take place. In this case, you need to allow the server to connect to the URL of your certiface signer's CA store. To find the required URL, you can use this article: https://www.digicert.com/kb/util/utility-test-ocsp-and-crl-access-from-a-server.htm

2. You can add the public key of your CA to the OS-managed cert stores. On linux, follow this article or on windows, follow this one.

3. You can configure the openssl.cafile attibute in your php.ini file. For this, you need a cacert.pem file from a trusted source, like: https://curl.se/docs/caextract.html Download the latest version, and reference it in your php.ini, like this: openssl.cafile="c:/absolute/path/to/cacert/file/cacert.pem"

Any of the three options above should solve the problem, choose the one that is most convenient for you. In my opinion, no. 3) is the easiest to make happen as a software developer.

Answer 2

I solved a similar problem by reinstalling the ca-certificates package on my ubuntu server with:

sudo apt-get install --reinstall ca-certificates

Answer 3

I was experiencing the exact same error as in the original question (yes 4 years later), and was able to solve it by changing the following within class.smtp.php (in both /includes/classes and /admin/includes/classes if they exist -- otherwise only in the PHPMailer main directory).

Change:

STREAM_CRYPTO_METHOD_TLS_CLIENT

to:

STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

It has to do with the updating of the TLS version in more recent PHP versions.

Source: https://forums.oscommerce.com/topic/410367-phpmailer-tls-12/

Answer 4

This is because you're running PHP 5.6 and it's verifying your certs, but your server is presenting invalid certs so it's failing. Both PHPMailer and PHP are correct in what they are doing - the code is not at fault. You can either fix your mail server, or do what it suggests in the troubleshooting guide, which is:

$mail->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);

And as the guide says, you should not do this unless you have to - it's compromising your security.