curl not working over ssl - loopback error
Been struggling with a loopback issue for a while now and finally decided that better minds than mine are needed to resolve it.
I have a working cURL on a site within the same server. Both sites are running on dedicated IP addresses. However, the site running on Comodo SSL does not work for curl and reports a loop-back error. More explicitly, I get the following:
140770FC:SSL
SSL23_GET_SERVER_HELLO:unknown protocol
Additionally, multiple programs have all reported an issue with loopback for this one IP. However, not much more info has been given, so I am unsure if it is a loopback issue or, as the above error suggested, a protocol issue. I did attempt to enable all protocols and nothing appears to make a difference on that front.
Advice, what is next step? (or hopefully, someone has already confronted this issue and resolved and knows exactly how to fix :cool: )
Here is the Apache config to help ensure there are no issues with protocols:
fileetag: None
keepalive: Off
keepalivetimeout: 5
maxclients: 150
maxkeepaliverequests: 100
maxrequestsperchild: 10000
maxspareservers: 10
minspareservers: 5
root_options: ExecCGI, FollowSymLinks, IncludesNOEXEC, Indexes, SymLinksIfOwnerMatch
serverlimit: 256
serversignature: Off
servertokens: ProductOnly
sslciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
sslprotocol: All +TLSv1.2 -SSLv2 -SSLv3
startservers: 5
timeout: 300
traceenable: Off
Also, real cron through cPanel works for backups and other tasks, so not sure what exactly causes this issue but it seems pretty prevalent throughout the web without much clarity of the root issue. Hopefully, we can change that with this thread. 0 -
Have you checked EasyApache to make sure you have SSH cURL enabled? 0 -
Yes. SSHCURL has been configured in EasyApache3 and recompiled. I'm running CloudLinux on a VPS. 0 -
Hello :) Is the cron job associated with a specific application, or are you testing this with your own custom PHP scripts? The reason I ask is because I've seen this issue resolved in the past by users updating specific WordPress plugins. Thank you. 0 -
Following up. I think I resolved this issue. Not sure how exactly, but here's my assumption. Originally the site was not routing properly, which may have been an issue with CloudLinux and CageFS not being properly set up in the beginning. During this time, to get the site to route properly, I had to add the site URL to host.conf. After getting CL properly tweaked, it appears that virtualhost settings took hold and are being properly configured (at a basic level) at the time of account creation in WHM. Once this occurred, the previous hack/repair of using site URLs in the host config file must have created a conflict and caused routing of curl to use the server's self-signed SSL instead of the specific site's registered SSL. Again, this is my assumption. I made quite a few attempts to fix and this is the only one within proximity to the time that the issue showed resolution. @cPanelMichael If you know my above assumption to be incorrect, then please advise as it would be nice to have certainty on what exactly resolved the issue. Kind Regards 0 -
Again, this is my assumption. I made quite a few attempts to fix and this is the only one within proximity to the time that the issue showed resolution. @cPanelMichael If you know my above assumption to be incorrect, then please advise as it would be nice to have certainty on what exactly resolved the issue.
I'm not sure what specific changes you made, and to which particular hosts file, however your explanation makes the most sense as to why it was not detecting the correct SSL certificate. Thank you.0
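The thread's working conclusion is that a leftover host-file entry sent curl to an address serving the server's self-signed certificate instead of the site's own. As an added example (not code from anyone in the thread), the script below scans a hosts-format file for entries that map a site name to anything other than its dedicated IP. It assumes the standard `IP name [alias...]` layout; the host names, addresses and file content are constructed.

```shell
#!/usr/bin/env bash
# Added example: find hosts-file entries that override where a site name resolves.
# Assumption: the override lives in a hosts-format file ("IP name [alias...]").

# hosts_overrides FILE NAME EXPECTED_IP
# Prints "LINE_NO IP" for every entry mapping NAME to an address other than
# EXPECTED_IP. Returns 0 if at least one conflict was found, 1 if none.
hosts_overrides() {
  awk -v name="$2" -v want="$3" '
    {
      sub(/#.*/, "")                 # drop trailing and full-line comments
      if (NF < 2) next               # blank line or address with no name
      for (i = 2; i <= NF; i++)
        if (tolower($i) == tolower(name) && $1 != want) {
          print NR, $1               # line number and the overriding address
          found = 1
        }
    }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# Constructed sample: 203.0.113.10 stands in for the site's dedicated IP,
# 203.0.113.5 for the server's main IP (the one with the self-signed cert).
write_sample_hosts() {
  cat > "$1" <<'EOF'
127.0.0.1     localhost
203.0.113.5   server.example.test server
# leftover from the early routing workaround
203.0.113.5   shop.example.test       # main IP, not the site's own
203.0.113.10  blog.example.test
EOF
}

sample=$(mktemp)
write_sample_hosts "$sample"
if conflicts=$(hosts_overrides "$sample" shop.example.test 203.0.113.10); then
  echo "hosts override for shop.example.test: $conflicts"
fi
rm -f "$sample"
```

On a real server, point the function at the actual hosts file and pass the site's dedicated IP; any line it reports is a candidate for the kind of conflict described above.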