9

I use PHPMailer, along with Apache and PHP, locally. When I test my SSL config and my cacerts I get

default_cert_file = C:\Program Files\Common Files\SSL/cert.pem
default_cert_file_env = SSL_CERT_FILE
default_cert_dir = C:\Program Files\Common Files\SSL/certs
default_cert_dir_env = SSL_CERT_DIR
default_private_dir = C:\Program Files\Common Files\SSL/private
default_default_cert_area = C:\Program Files\Common Files\SSL
ini_cafile = 
ini_capath =

and then, I do 

 var_dump(fsockopen("smtp.gmail.com", 465, $errno, $errstr, 3.0));
 var_dump($errno);
 var_dump($errstr);

and I get

fsockopen resource(2) of type (stream) int(0) string(0) ""

In my php.ini I have curl.cainfo = C:/php/cacert.pem in the curl part and it works.

But when I try to use PHPMailer to send a mail from localhost, I keep getting 

SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed 
Failed to enable crypto
unable to connect to ssl://smtp.gmail.com:465 (Unknown error)

I also went to the account used in the SMTP, in https://accounts.google.com/DisplayUnlockCaptcha and enable it. And to https://myaccount.google.com/lesssecureapps?pli=1 and enabled less secured apps. I guess this is an SSL error and not a PHPMailer. Frankly, I am confused dont know how to fix it. Excuse my ignorance, any help on whats is going wrong and how to fix it , would be great.

PS, this my php file that sends the mail. Thank you

<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;    
require 'C:/php/PHPMailer/src/Exception.php';
require 'C:/php/PHPMailer/src/PHPMailer.php';
require 'C:/php/PHPMailer/src/SMTP.php';

$mail = new PHPMailer(true);                             
try {

    $mail->SMTPDebug = 3;
    $mail->isSMTP();                                      
    $mail->Host = 'smtp.gmail.com'; 
    $mail->SMTPAuth = true;                               
    $mail->Username = 'slevin@gmail.com';                 
    $mail->Password = 'secret';                           
    $mail->SMTPSecure = 'ssl';                            
    $mail->Port = 465;                                    

    //Recipients
    $mail->setFrom('slevin@gmail.com');
    $mail->addAddress('jacob@gmail.com');     


    //Content
    $mail->isHTML(true);                                 
    $mail->Subject = 'subject';
    $mail->Body    = 'HTML message body <b>in bold!</b>';
    $mail->AltBody = 'body in plain text';

    $mail->send();
    echo 'Message has been sent';
} catch (Exception $e) {
    echo 'Message could not be sent.';
    echo 'Mailer Error: ' . $mail->ErrorInfo;
}            
?>

Update

When I try with $mail->SMTPSecure = 'ssl'; and $mail->Port = 465; I get 

2017-10-01 13:04:25 Connection: opening to ssl://smtp.gmail.com:465, timeout=300, options=array()
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): Failed to enable crypto [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 Connection failed. Error #2: stream_socket_client(): unable to connect to ssl://smtp.gmail.com:465 (Unknown error) [C:\php\PHPMailer\src\SMTP.php line 324]
2017-10-01 13:04:26 SMTP ERROR: Failed to connect to server: (0)
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Message could not be sent.Mailer Error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

When I try with $mail->SMTPSecure = 'tls'; and $mail->Port = 587; I get 

2017-10-01 13:07:20 Connection: opening to smtp.gmail.com:587, timeout=300, options=array()
2017-10-01 13:07:21 Connection: opened
2017-10-01 13:07:21 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP l4sm5217189wrb.74 - gsmtp
2017-10-01 13:07:21 CLIENT -> SERVER: EHLO localhost
2017-10-01 13:07:21 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [85.75.196.114]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250 SMTPUTF8
2017-10-01 13:07:21 CLIENT -> SERVER: STARTTLS
2017-10-01 13:07:21 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2017-10-01 13:07:21 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [C:\php\PHPMailer\src\SMTP.php line 403]
SMTP Error: Could not connect to SMTP host.
2017-10-01 13:07:21 CLIENT -> SERVER: QUIT
2017-10-01 13:07:21 SERVER -> CLIENT: 
2017-10-01 13:07:21 SMTP ERROR: QUIT command failed: 
2017-10-01 13:07:21 Connection: closed
SMTP Error: Could not connect to SMTP host.
Message could not be sent.Mailer Error: SMTP Error: Could not connect to SMTP host.
jww
  • 97,681
  • 90
  • 411
  • 885
slevin
  • 4,166
  • 20
  • 69
  • 129
  • 1
    fsockopen just opens a TCP connection, it doesn’t do a TLS handshake, so that’s not telling you anything. Using `SMTPSecure = 'tls'` and port 587 may show more feedback in debug output. – Synchro Oct 01 '17 at 11:18
  • @Synchro I did what you said and now I get `Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed ` and then `SMTP Error: Could not connect to SMTP host.`. I am a beginner. What confuses me is that my SSL config and certs look ok and yet I still get errors. Maybe I can update my certs? Thanks. – slevin Oct 01 '17 at 12:41
  • Show what’s in your debug output, not just the final error message. – Synchro Oct 01 '17 at 13:01
  • @Synchro Check the update in the question. – slevin Oct 01 '17 at 13:09
  • OK, that at least shows you are not being redirected somewhere else. I suggest using openssl (as described in the troubleshooting guide) to check that your CA certificates file is working - Google will not be publishing an invalid cert. – Synchro Oct 01 '17 at 14:40
  • @Synchro So sorry that I cannot help both you and me. I dont know how to do this. Or what part of the guide actually checks the certs. `echo (extension_loaded('openssl')?'SSL loaded':'SSL not loaded')."\n";` echoes `SSL loaded`. Writing `openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:587` in the cmd (windows 10) gives `'openssl' is not recognized as an internal or external command, operable program or batch file.` Btw, I am looking at this guide `https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting`. – slevin Oct 01 '17 at 15:22
  • Ah, I don’t know how you should install openssl on windows. Search for that, or whatever the equivalent is. – Synchro Oct 01 '17 at 19:30
  • @Synchro Dont know if this makes any difference, but the code worked for about 50 times using `SMTPSecure = 'ssl'` and `$mail->Port = 465`. Send about 50 e-mails. And then just stopped again, showing the aforementioned errors. Do openssl certifications have a use limit? Or is this a random, happy accident? – slevin Oct 01 '17 at 21:29
  • No, no use limit, but Gmail does have a send volume limit. Not sure how that manifests though. – Synchro Oct 01 '17 at 21:35
  • @Synchro Then again, I guess that if the error was limit-related, Google would not allowed the connection. So the error would be something like "connection closed", not "certificate verify failed". This is killing me! – slevin Oct 01 '17 at 22:06
  • @slevin Have you found a solution to this problem in the end? I'm having the exact same problem on Windows Server 2016 with PHP 7.0.25; sent at least 200 emails in this configuration and it suddenly stopped working. By the way, other SMTP servers (with TLS) are working fine, it's just smtp.gmail.com that's not working. So strange... – Dennis Ameling Nov 07 '17 at 08:50
  • check my answer here it may help https://stackoverflow.com/a/60709451/5068530 – vikas etagi Mar 16 '20 at 16:14

3 Answers3

8

Just had the same error message, maybe you've got the same issue:

  • my certificate is good (I can go to the HTTPS domain without any issue)
  • can't run the same request through PHP's stream_context_create and stream_socket_client
  • I want SSL certificate to be checked

Testing the same domain through cURL returned:

curl: (60) SSL certificate problem: certificate is not yet valid

Turns out my virtual machine in which I've run both PHP and cURL had 11 days of error (december 11th instead of december 22th).

By fixing the computer/virtual machine's date (using ntp, ntpdate-debian or the like), the certificate test now runs fine, in both cURL command-line or PHP.

Yvan
  • 2,539
  • 26
  • 28
  • 1
    Yep, this was the problem for me just now. This problem with Homestead drives me crazy every day: https://github.com/laravel/homestead/issues/799 Usually the symptom is something different. I hadn't had this particular error before, but you're right that synching the clock fixed it. – Ryan May 26 '19 at 15:13
0

I was getting this error on my Windows Development machine. I checked and double-checked the validity of certificates. They seemed fine.

Testing with:

openssl s_client -crlf -starttls smtp -connect smtp.gmail.com:587

Resulted in some surprising output:

issuer=OU = generated by AVG Antivirus for SSL/TLS scanning, O = AVG Web/Mail Shield, CN = AVG Web/Mail Shield Root

My anti-virus was getting in the way, perhaps with an expired self-issued certificate. Once I turned off the anti-virus, sending email was just fine.

This is certainly not a all encompassing solution, but it may help some.

James John McGuire 'Jahmic'
  • 11,728
  • 11
  • 67
  • 78
-2

I encountered this on a new Windows IIS server recently. The cURL call was to my own domain from a batch script, both of which are running on the same server.

I'd added 

127.0.0.1  mydomain.com

to the hosts file, and I'd forgotten to remove it when I changed the public DNS.

The server is behind Cloudflare, so my cURL was getting a CF origin certificate and not the real one certificate served by Cloudflare.

Removing the hosts entry cleared the problem.

IanMcL
  • 366
  • 2
  • 10