WP SMTP Mail error

Keywords: WordPress Multisite - AWS - Technical issue - Email configuration (SMTP)

bnsupport ID: 7b375e8c-e652-0617-af04-a2cdab72daf7

bndiagnostic output:

? Apache: Found possible issues
? Connectivity: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
https://docs.bitnami.com/general/faq/administration/use-firewall/

bndiagnostic failure reason: The tool could not find any issue

Description:
We upgraded openssl from OpenSSL 1.1.1d to OpenSSL 1.1.1l. The certtificates for wordpress work ok but emails fail with the message below (also another interesting part is that WP Mail SMTP still shows the previous version) even though this command as run via the console shows the upgraded version:

/opt/bitnami/php/etc$ openssl version
OpenSSL 1.1.1l 24 Aug 2021

This is the error log produced by WP Mail SMTP:

Versions:
WordPress: 5.7.3
WordPress MS: Yes
PHP: 7.4.20
WP Mail SMTP: 3.0.2

Params:
Mailer: smtp
Constants: No
ErrorInfo: SMTP Error: Could not connect to SMTP host.
Host: smtp.office365.com
Port: 587
SMTPSecure: tls
SMTPAutoTLS: bool(true)
SMTPAuth: bool(true)

Server:
OpenSSL: OpenSSL 1.1.1d 10 Sep 2019

Debug:
Email Source: WP Mail SMTP Pro
Mailer: Other SMTP
SMTP Error: Could not connect to SMTP host.

SMTP Debug:
2021-09-24 04:14:31 Connection: opening to :587, timeout=300, options=array()
2021-09-24 04:14:31 Connection: opened
2021-09-24 04:14:31 SERVER -> CLIENT: 220  Microsoft ESMTP MAIL Service ready at Fri, 24 Sep 2021 04:14:30 +0000
2021-09-24 04:14:31 CLIENT -> SERVER: EHLO 
2021-09-24 04:14:31 SERVER -> CLIENT: 250- Hello [54.208.254.35]250-SIZE 157286400250-PIPELINING250-DSN250-ENHANCEDSTATUSCODES250-STARTTLS250-8BITMIME250-BINARYMIME250-CHUNKING250 SMTPUTF8
2021-09-24 04:14:31 CLIENT -> SERVER: STARTTLS
2021-09-24 04:14:31 SERVER -> CLIENT: 220 2.0.0 SMTP server ready
2021-09-24 04:14:31 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [/opt/bitnami/wordpress/wp-includes/PHPMailer/SMTP.php line 468]
SMTP Error: Could not connect to SMTP host.
2021-09-24 04:14:31 CLIENT -> SERVER: QUIT
2021-09-24 04:14:31 SERVER -> CLIENT:
2021-09-24 04:14:31 SMTP ERROR: QUIT command failed:
2021-09-24 04:14:31 Connection: closed
SMTP Error: Could not connect to SMTP host.

Hi @jcabrera,

Could you please provide more information about the steps you performed to upgrade the OpenSSL version? Did you simply run the apt command?

WordPress is still using 1.1.1d that is the version the Bitnami solution includes

pwd
mkdir downloads
cd downloads

wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz.sha256

echo "$(cat openssl-1.1.1l.tar.gz.sha256) openssl-1.1.1l.tar.gz" | sha256sum --check

tar -zxf openssl-1.1.1l.tar.gz
cd openssl-1.1.1l
./config
make
make test
sudo make install

openssl version
OpenSSL 1.1.1l  22 Sep 2020

We just upgraded openssl as a whole, didn’t realize there was an included version with bitnami. We upgraded the openssl version due to security concerns, but do you have a procedure for keeping these components both up to date but yet in sync?

Hi @jcabrera,

Sorry for the wrong information, old Bitnami WordPress instances included 2 OpenSSL versions, the one that was installed using the system’s packages and the one Bitnami included. The new Bitnami WordPress solutions just include 1 OpenSSL package and it uses the system’s packages.

It seems the application is not accepting the certificates, can you update that information?

sudo apt update
sudo apt install update-ca-certificates
sudo update-ca-certificates

Does the SMTP work now?

Ran the command above, same results.

Hi @jcabrera,

I just launched an old Bitnami WordPress instance that included an old version of OpenSSL. Then, followed your steps and installed the latest version of OpenSSL

bitnami@ip-172-31-44-208:~$ openssl version
OpenSSL 1.1.1l  24 Aug 2021 (Library: OpenSSL 1.1.1d  10 Sep 2019)

I configured the SMTP settings in WordPress and sent a test email. The email was sent successfully and I received it in my inbox


image

Maybe there is a problem with the certificate in the Microsoft servers, can you try a different email provider (gmail, sendgrid, …)?

Thanks

Thanks for trying all that, let me point it to another smtp server and see if I have better luck.

Oh one more question, in the WP Mail SMTP log does it show the correct version? If you look at the log I posted at the very beginning of this thread you’ll see that the log for me still shows OpenSSL: OpenSSL 1.1.1d 10 Sep 2019 even though querying openssl directly for version shows the upgraded one.

oh and just fyi, this worked perfectly until the upgrade with Microsoft.

Hi @jcabrera,

I didn’t check this, sorry.

Let’s see if you have multiple OpenSSL versions available in the system. What’s the output of this command?

which -a openssl

You can run the version command for every openssl that command finds.

Did you try with other SMTP providers as I mentioned? I tested the process and didn’t find any issue.

bitnami@:/$ which -a openssl
/usr/local/bin/openssl
/usr/bin/openssl
/bin/openssl

bitnami@:/$ /usr/local/bin/openssl version
OpenSSL 1.1.1l 24 Aug 2021
bitnami@:/$ /usr/bin/openssl version
OpenSSL 1.1.1d 10 Sep 2019 (Library: OpenSSL 1.1.1l 24 Aug 2021)
bitnami@:/$ /bin/openssl version
OpenSSL 1.1.1d 10 Sep 2019 (Library: OpenSSL 1.1.1l 24 Aug 2021)

Hi @jcabrera,

that’s weird! It seems you installed OpenSSL in different folders and that’s why there is a mismatch when performing the requests. I do not remember having 3 different OpenSSL versions when following the steps you mentioned. Did you perform any additional step?

You can try renaming the “other” openssl binaries to just have the one at /usr/local/bin/openssl

sudo mv  /usr/bin/openssl  /usr/bin/openssl.back
sudo mv  /bin/openssl  /bin/openssl.back

Does the SMTP work now?

I had updated the versions on the other folders and still nothing… in fact even after finding all the copies (and updating them) WP Mail SMTP still thinks it’s running the old version… so have no idea what that app is looking at.

I did follow your advise and switched from “other” as the smtp sender (which is what the Bitnami suggests in their docs). I spoke to WP Mail SMTP and they suggested using the o365 connection, which works but was a bit more complex to configure… and it leaves me with the idea that maybe at some point something else may not work correctly.

It would be nice to have a set of instructions on how to upgrade components (as an example openssl, but it could be anything) without breaking WordPress or any of the associated components. I know that we are sometimes forced to use newer components when we see critical security issues with existing versions. That kind of gets away from the specifics of the openssl, but does lead us into a conversation on how to manage our Bitnami product (in this case the multi-site AWS WordPress).

Let me know you thoughts.

Hi @jcabrera,

If you want to update the infrastructure components of the stack (Apache, PHP, MariaDB, …), we suggest you migrate the data to a new instance

https://docs.bitnami.com/aws/how-to/migrate-wordpress/

However, in this case, you can try to deploy a new instance and migrate the data. The new instance should include the latest version of OpenSSL and you shouldn’t get any error when sending emails.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.