1

I am using PHP to send emails via Amazon SES. I am calling the API repeatedly in order to send around 1000 personalised emails. However, after every 25 calls to the API I receive the following error:

Fatal error: Uncaught exception 'Aws\Ses\Exception\SesException' with message 'Error executing "SendEmail" on "https://email.eu-west-1.amazonaws.com"; AWS HTTP error: cURL error 77: error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)' exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 77: error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)' in phar:///home/robcowen/public_html/scripts/aws.phar/GuzzleHttp/Handler/CurlFactory.php:187 Stack trace: #0 phar:///home/robcowen/public_html/scripts/aws.phar/GuzzleHttp/Handler/CurlFactory.php(150): GuzzleHttp\Handler\CurlFactory::createRejection(Object(GuzzleHttp\Handler\EasyHandle), Array) #1 phar:///home/robcowen/public_html/scripts/aws.phar/GuzzleHttp/Handler/CurlFactory.php(103): GuzzleHttp\Handler\CurlFactory::finishError(Object(GuzzleHttp\Handl in phar:///home/robcowen/public_html/scripts/aws.phar/Aws/WrappedHttpHandler.php on line 159

I can't find any reference in the documentation to a limit. I have tried to delay my loop by either sleep(30) after each block of 20 API calls, or sleep(1) after each call. Neither works.

Does anybody have any ideas, please?

Rob
  • 128
  • 1
  • 7
  • 29
  • Curl complains about ssl certificate, maybe you are not properly making your requests? – Muhammed Mar 01 '16 at 20:39
  • 1
    SES has limits in terms of [send rate](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/manage-sending-limits.html). Also, make sure that your account is not in sandbox mode. – Nicolas Mar 01 '16 at 20:42
  • I am not in sandbox mode. My limits are: Sending Quota: send 50000 emails per 24 hour period Quota Used: 0% as of 2016-03-01 20:23 UTC Max Send Rate: 14 emails/second – Rob Mar 01 '16 at 20:43
  • @MuhammedM. I don't know much about SSL, but the emails are sending fine the first 25 times I call the API, then failing. – Rob Mar 01 '16 at 20:44
  • @Nicolas I can see I have a 14 email/sec limit, but I would've thought my sleep(1) after each call should've slowed it down enough to stop that being an issue? – Rob Mar 01 '16 at 20:47
  • 1
    That's bizarre. Perhaps the cert is cached & expires on amazon's side after 25 calls? I've heard of TKS certificate validation services that expire a cert after set number of uses & look for the client to send a new copy. You could try changing the options for certification verification, similar to what is described here: https://github.com/aws/aws-sdk-php/issues/868. As suggested there you could try using the SesFactory to set 'ssl.certificate_authority' => 'system' – obi1 Mar 01 '16 at 20:48
  • As i said your error message states ssl error, not a limit error. I found this - http://stackoverflow.com/questions/6400300/https-and-ssl3-get-server-certificatecertificate-verify-failed-ca-is-ok – Muhammed Mar 01 '16 at 20:49
  • @obi1 I've tried setting ssl.certificate_authority to 'false' and 'system'. Neither worked. :( – Rob Mar 01 '16 at 20:59
  • how long does it take to start working again? what do you do to get it working again? – obi1 Mar 01 '16 at 21:17
  • @obi1 As soon as I run the code again, it works fine. I don't change anything to run it again (apart from starting my for loop at the next email address to avoid my users receiving duplicate emails). – Rob Mar 01 '16 at 21:21
  • I'm seeing any reports of this on google, which is odd. For giggles, you could try updating your curl: http://stackoverflow.com/questions/3160909/how-do-i-deal-with-certificates-using-curl-while-trying-to-access-an-https-url or if you get desperate you could try making your curl insecure to narrow down the issue: http://stackoverflow.com/questions/3160909/how-do-i-deal-with-certificates-using-curl-while-trying-to-access-an-https-url/30154802#30154802. Other than that, good luck man. – obi1 Mar 01 '16 at 22:44
  • Weirdly, if I increase the sleep() to 5 seconds per API call, it fails after a similar number of calls, but without the error message. – Rob Mar 02 '16 at 19:05

1 Answers1

0

In my experience with such errors, it occurs when there's a multiple requests to read the file through socket, so at some point during the loop it cannot find the certificate and creates an error.

A bad way to fix it is to add sleep(1) before each call, to give it time to load the cert on each request.

A better way to fix it, is by sending a json list of 1000 users to the API or using a mailing list (I did it on other providers than SES though). One request, 1000 users, much more efficient and CPU friendly for both machines in interaction.

Shay
  • 2,060
  • 2
  • 16
  • 22