Connecting to Let’s Encrypt SSL sites via cURL from MAMP
This is a brief lesson in diagnostics that some may find helpful.
I develop websites on a Mac running MAMP. On my Mac I have an installation of InfiniteWP that connects to each of the live websites that ZigPress hosts and supports, so that WordPress core and plugin updates can be completed quickly and conveniently.
Recently I added an SSL Certificate from Let’s Encrypt to two of the live websites, so that they can run using https rather than http. However, when my InfiniteWP installation then tried to connect to these sites (after I had updated the connection URL to an https one), it failed, with the error “Unknown SSL protocol error”.
I googled the error and found a number of articles, including some on StackExchange; however, nothing seemed to quite fit.
Some suggested forcing cURL to use IPv4, and I tried this but it made no difference. Others suggested forcing cURL to use a certain SSL protocol type, e.g. TLS v1.0 etc. This seemed more promising and I did some more googling, eventually finding this link which gave me a clue – that certain types of SSL protocol only work with more recent versions of cURL.
Interesting, I thought, and checked my cURL version. Sure enough, it was quite old. But what protocol were my shiny new SSL certificates using? Simply typing curl https://www.sitename.com/wp-admin/ --verbose gave me the answer: TLS v1.2. So my version of cURL running within PHP on MAMP couldn’t understand the TLS v1.2 protocol. Bingo! Problem solved – or so I thought.
The Next Problem
I checked the MAMP website and saw that if I upgraded my MAMP installation to the latest version (3.5), it would include a newer version of PHP (5.6.10) which contained a new enough version of the cURL library. So I did the update by following this guide.
However, when I launched InfiniteWP and tried to add one of my SSL sites, I still got the same error. I dug into the InfiniteWP source code and found that the cURL call wasn’t specifying which SSL version to use, so I added the command:
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
just before the curl_exec call.
However, now InfiniteWP gave me the error “Unsupported SSL protocol version”. Hmph. Something was still wrong and I did some more googling.
This time I found this StackExchange article which told me that the version of OpenSSL that MAMP uses is too old to support TLS 1.2. Reading further, I learned that only by using Apache 2.4 can I have a new enough version of OpenSSL. MAMP uses Apache 2.2 with no update yet possible.
So it was time to look for an alternative Mac/Apache/MySQL/PHP stack for my Mac.
After installing AMPPS I found that the control panel was pretty terrible and, while it provided links to update the server config files using TextEdit, Apache wouldn’t start after making the required changes to get my config the way I need it. So AMPPS wasn’t going to cut it.
Finally I tried XAMPP. Firstly I dumped the MySQL database for InfiniteWP, then quit MAMP, installed XAMPP, configured it to use my custom webroot path, fired up Sequel Pro and imported the InfiniteWP database. I added one of my SSL-enabled websites to InfiniteWP and this time it worked! Job done. All I now have to do is export all my other local MySQL databases from MAMP and import them to XAMPP.
I think the lesson here is that apparently-inexplicable errors, especially when you’re dealing with PHP and SSL, can often simply be due to incompatible versions of the packages that are being used. So, always check your version numbers using phpinfo() when googling a strange problem.
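The version check described above can be scripted. This is an added example, not code from the original post or from InfiniteWP: tls12_readiness() is a hypothetical helper, the two sample arrays are constructed, and the thresholds assumed are libcurl 7.34.0 (first release with CURL_SSLVERSION_TLSv1_2) and OpenSSL 1.0.1 (first release with TLS 1.2). It avoids PHP 7 syntax so it also runs on an older bundled PHP.

```php
<?php
// Takes an array shaped like the return value of PHP's curl_version() and
// returns a list of reasons TLS 1.2 will not work (empty list = no blocker found).
function tls12_readiness(array $info)
{
    $problems = array();

    // libcurl packs its version as 0xXXYYZZ; 7.34.0 is 0x072200.
    $num = isset($info['version_number']) ? $info['version_number'] : 0;
    if ($num < 0x072200) {
        $problems[] = "libcurl {$info['version']} predates 7.34.0";
    }

    // Compare only the numeric triple of the OpenSSL version: letter
    // suffixes such as "0.9.8zg" are not ordered correctly by version_compare().
    $ssl = isset($info['ssl_version']) ? $info['ssl_version'] : '';
    if (preg_match('~OpenSSL/(\d+)\.(\d+)\.(\d+)~', $ssl, $m)) {
        if ($m[1] * 10000 + $m[2] * 100 + $m[3] < 10001) {
            $problems[] = "$ssl predates OpenSSL 1.0.1";
        }
    } else {
        $problems[] = "TLS backend '$ssl' is not OpenSSL, check it separately";
    }
    return $problems;
}

// Constructed sample values, not taken from any real MAMP or XAMPP build.
$samples = array(
    'constructed old stack' => array(
        'version' => '7.30.0', 'version_number' => 0x071e00,
        'ssl_version' => 'OpenSSL/0.9.8zg',
    ),
    'constructed newer stack' => array(
        'version' => '7.43.0', 'version_number' => 0x072b00,
        'ssl_version' => 'OpenSSL/1.0.2d',
    ),
);
// Also report on the PHP actually running this script, if ext/curl is loaded.
if (function_exists('curl_version')) {
    $samples['this PHP'] = curl_version();
    if (!defined('CURL_SSLVERSION_TLSv1_2')) {
        echo "note: this PHP build does not define CURL_SSLVERSION_TLSv1_2\n";
    }
}
foreach ($samples as $label => $info) {
    $problems = tls12_readiness($info);
    echo $label, ': ',
        $problems ? implode('; ', $problems) : 'no TLS 1.2 blocker found', "\n";
}
```

Run it through the web server rather than only the command line, since the PHP that Apache loads may link a different cURL and OpenSSL than the curl binary in a terminal.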