PHPMailer - SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Question

Have encountered an issue where email should be sent from an mail server which has self signed certificate, the error which I get is :

PHP Warning:  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in class.smtp.php on line 327.

Has anyone encountered anything similar?

EDIT:

I have also tried to set the stream_context params (params: SSL context options):

$options['ssl']['verify_peer'] = false;
$options['ssl']['verify_peer_name'] = false;
$options['ssl']['allow_self_signed'] = true;

No luck, it still fails with the same error as pointed above.

Thanks.

Answer 1

PHP 5.6 introduces SSL certificate verification, so if your config is broken, it will fail with this error. You should fix your SSL, but you can revert to the old behaviour by setting the SMTPOptions property to not verify certificates:

$mail->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);

Editing the library defeats the entire point of libraries - and if you do as Kaf's answer suggests, your code will break when you upgrade. Really, don't do that.

Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues before using this as a solution.

Answer 2

I have the same problem. So i changed the file class.smtp.php in line 238:

public function connect($host, $port = null, $timeout = 30, $options = array()) {
       if (count($options) == 0) {
           $options['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true);
       }

now it works fine!

Editor's note: disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues before using this as a solution.

Answer 3

I had the same problem. It turned out that my Postfix config was missing the intermediates and root certificates setting:

smtpd_tls_CAfile=/etc/ssl/certs/intermediate-root-bundle.crt

Even though this Postfix config has worked for years with Outlook and Thunderbird, PHP was more picky and failed the SSL check.

So even though you might be tempted to hack PHPMailer, please don't, and fix the underlying problem.

Answer 4

Just wanted to put my 2 cents in since I've been looking for a fix for days until I tried Kaf's solution and it worked!! Thanks @Kaf

Anyways... For me, PHPMailer was working fine until I decided to upgrade PHP to PHP5.6

Changes were made to open ssl in PHP 5.6. Here is the official docs:

http://php.net/manual/en/migration56.openssl.php

From the docs it says to set verify_peer and verify_peer_name to false

So just follow Kaf's answer and see if that works for you.

Editor's note: The doc also says this is not recommended! Disabling SSL verification has security implications. Without verification of the authenticity of SSL/HTTPS connections, a malicious attacker can impersonate a trusted endpoint (such as GitHub or some other remote Git host), and you'll be vulnerable to a Man-in-the-Middle Attack. Be sure you fully understand the security issues before using this as a solution.