SSL Errors handshake_failure using Let's Encrypt on WordPress with NGINX and SSL stack

Keywords: Nginx - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 09ba762d-e8ae-0b05-8524-ed1f980abf42
Description:
Hi,

So far I’m loving the speed of the ‘WordPress with NGINX and SSL’ stack on AWS. It’s lightning fast but I’m having issues with SSL and a plugin.

I’ve set up WordPress with HTTPS and mostly everything works fine.

I’ve come into an issue with a plugin I use from WPMUDEV called UpTime which is part of Hummingbird. The plugin works fine with HTTP but as soon as I installed HTTPS, it spits an error back at me.

Uptime error:
ERROR: WRITE EPROTO 140311846238080:ERROR:14077410:SSL ROUTINES:SSL23_GET_SERVER_HELLO:SSLV3 ALERT HANDSHAKE FAILURE:…/DEPS/OPENSSL/OPENSSL/SSL/S23_CLNT.C:80

WPMUDEV keep telling me it’s an error with my SSL certificate and say if you visit https://www.ssllabs.com/ssltest, it fails a couple of handshake tests.

I followed the instructions to install SSL here: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

I used:

sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m email -d mydomain.com -d www.mydomain.com

Which worked fine, I then modify the /opt/bitnami/nginx/conf/bitnami/bitnami.conf file so that it looks like this:

server { listen 80; server_name localhost; return 301 https://$host$request_uri; include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf"; }

The website is working just fine, the only issue I have is with the plugin. What could the issue be?

I did notice that the stack is not completely up to date.

Nginx seems fine:

nginx -v nginx version: nginx/1.16.0

curl --version curl 7.45.0 (x86_64-pc-linux-gnu) libcurl/7.45.0 OpenSSL/1.0.2r zlib/1.2.11 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

both curl and open SSL have newer versions out. How can I update these?

Curl is now: 7.64.1 - March 27 2019
Open SSL is now: OpenSSL/1.1.1 September 11, 2018.

Any help would be much appreciated.

Hi @digitalbit,

I just accessed your site and found that it has a valid certificate. However, there is a mixed content there and that’s why you may be obtaining error messages when accessing it

image

If you access the source code of the website you can see that there are some http:// links when you use https. Please change that information in the application and try to use the plugin again.

Thanks

Hi @jota, I’ve fixed that now and it makes no difference. I still get the same error.

I believe this is due to the outdated Curl and OpenSSL versions.

How can I update these?

Thanks @digitalbit,

Our team will take a look at all the information in this thread again and will give you more information soon. Contacting the developers of the plugin will probably required to know more information about why the plugin is failing but we will let you know if that’s needed.

Thanks @jota

I have already contacted the developers who said the issue is with the SSL certificate and the errors as I mentioned.

I believe the issue might be resolved with updating Curl and OpenSSL. Can you provide instructions on how to update them?

Thanks

Hi @digitalbit, I don’t think this is related to OpenSSL, although it could be related to cURL.

Could you describe the steps to reproduce the issue on our side? It seems like we need to install a plugin, enable HTTPS and then access the page via HTTPS, is there anything else required? Where and how is the error showing?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Keywords: WordPress + NGINX + SSL - AWS - Technical issue - Other
Description:
Hi,

This is a follow up from SSL Errors handshake_failure using Let's Encrypt on WordPress with NGINX and SSL stack which was closed without resolution.

So far I’m loving the speed of the ‘WordPress with NGINX and SSL’ stack on AWS. It’s lightning fast but I’m having issues with SSL and a plugin.

I’ve set up WordPress with HTTPS and mostly everything works fine.

I’ve come into an issue with a plugin I use from WPMUDEV called UpTime which is part of Hummingbird. The plugin works fine with HTTP but as soon as I installed HTTPS, it spits an error back at me.

Uptime error:
ERROR: WRITE EPROTO 140311846238080:ERROR:14077410:SSL ROUTINES:SSL23_GET_SERVER_HELLO:SSLV3 ALERT HANDSHAKE FAILURE:…/DEPS/OPENSSL/OPENSSL/SSL/S23_CLNT.C:80

WPMUDEV keep telling me it’s an error with my SSL certificate and say if you visit ssllabs, it fails a couple of handshake tests.

I followed the instructions to install SSL via Bitnami

I used:

sudo /opt/bitnami/letsencrypt/scripts/generate-certificate.sh -m email -d mydomain.com -d www . mydomain . com

Which worked fine, I then modify the /opt/bitnami/nginx/conf/bitnami/bitnami.conf file so that it looks like this:

server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
include “/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf”;
}

The website is working just fine, the only issue I have is with the plugin. What could the issue be?

I did notice that the stack is not completely up to date.

Nginx seems fine:

nginx -v
nginx version: nginx/1.16.0

curl --version
curl 7.45.0 (x86_64-pc-linux-gnu) libcurl/7.45.0 OpenSSL/1.0.2r zlib/1.2.11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

both curl and open SSL have newer versions out. How can I update these?

Curl is now: 7.64.1 - March 27 2019
Open SSL is now: OpenSSL/1.1.1 September 11, 2018.

Any help would be much appreciated.

To replicate this issue:

  • Create an AWS EC2 Instance and install Wordpress + NGINX + SSL
  • Install Hummingbird Pro Plugin from WPMUDEV https://premium.wpmudev.org/project/wp-hummingbird/
  • Run Uptime within plugin
  • You wil receive error “ERROR: WRITE EPROTO 140311846238080:ERROR:14077410:SSL ROUTINES:SSL23_GET_SERVER_HELLO:SSLV3 ALERT HANDSHAKE FAILURE:…/DEPS/OPENSSL/OPENSSL/SSL/S23_CLNT.C:802:” in the WPMUDEV Console

I’ve since tried this on another server with Apache and Let’s Encrypt and it works fine so I don’t think it’s an issue with SSL.

@Marcos sorry my reply took so long, the old post closed so I updated it above. Thanks

We have a Support Tool that will gather relevant information for us to analyze your configuration and logs. Could you please download and execute it on the machine where the stack is running by following the steps described in the guide below?

How to Run the Bitnami Support Tool

Please note that you need to paste the code outputted by the tool in your reply.

Hey @michiel, here is the code. Thanks

39976a83-6730-0840-e1c2-a716eca6e6c3

Hi @digitalbit,
It seems that is a problem with the URL that the plugin is trying to contact to.
SSLv3 is disable due it has security problems

As you can see the nginx’s configuration only enables TLS 1, 1.1 and 1.2 for you site.

Best Regards.
Rafael Rios Saavedra

Hi, I am checking with the Plugin devs and will confirm with you soon.

Thanks

Hi,

The developer upgraded their node and fixed the issue. It seems the issue was on their end.

Thanks

1 Like

Not an expert but I ran into the same issue before.

I am running Wordpress with Nginx on Google Cloud.
Some of the content (photos) uploaded to Wordpress was done before having the Let’s Encrypt SSL and HTTPS working.
Google was giving me the same “mixed content” warning.
I simply removed that content and uploaded it again.
Problem solved.

Hi There,

Not exactly the same problem. This was a specific issue with the plugin being used which the developers have since fixed due to an issue with their node.

Cheers

Hi @digitalbit,
I am happy you were able to fix the issue.

Best regards,
Rafael Rios Saavedra.

Damm even I am having a similar kind of issue, I have searched all over the internet and even have posted on number of threads on different forum, no solution seems to work. I am really frustrated, can anyone of you here help me resolve this issue, I am very much tired now.

Hi @miyabhai101,
Do you mind opening a new issue?
This way we can have all the information and steps done independently. If you like, you can refer to this issue.