Problems with ssl certs

Kurt Buff kurt.buff at
Tue Sep 18 02:22:46 UTC 2012

On Mon, Sep 17, 2012 at 5:55 PM, Paul Schmehl <pschmehl_lists at> wrote:
> --On September 17, 2012 5:31:25 PM -0700 Kurt Buff <kurt.buff at> wrote:
>> On Mon, Sep 17, 2012 at 5:13 PM, Paul Schmehl <pschmehl_lists at>
>> wrote:
>>> I'm setting up a new server and plan on migrating a Wordpress blog to it.
>>> Right now the server does not resolve with DNS, because the server I'm
>>> migrating from is still up and running.  (I'm in the setup and configure
>>> stage.)
>>> I've got Wordpress installed and working with apache22, mysql 5.4, php
>>> 5.5 and suphp.  I've migrated some of the blog over and installed some
>>> plugins I need.
>>> One of the plugins is the Wordpress jetpack.  I can't figure out how to
>>> get this plugin to active.
>>> This is the error message I'm getting:
>>> Your website needs to be publicly accessible to use Jetpack:
>>> site_inaccessible
>>> Error Details: The Jetpack server was unable to communicate with your
>>> site [IXR -32300: transport error: http_request_failed SSL certificate
>>> problem, verify that the CA cert is OK. Details: error:14090086:SSL
>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]
>>> I assume this is a problem with the site's self-signed cert not verifying
>>> through curl.  I cat'd the cert into the ca-certfile, but it still
>>> doesn't work, so maybe I'm wrong.
>>> Here's the path for the ca file:
>>> # curl-config --ca
>>> /usr/local/share/certs/ca-root-nss.crt
>>> I cat'd both the site's cert and the Jetpack site's cert into the
>>> ca-root-nss.crt file.  I think Jetpack is using php-curl.  I have the
>>> php-curl extension installed.
>>> Is there a way to get this self-signed cert working?  Or am I going to
>>> have to buy a cert?
>> I could be off base here, and you may already have thought of this,
>> but is the cert tied to the IP address or the name of the server? If
>> it's tied to the name, and you're accessing it via the IP address,
>> it's been my experience that the cert will throw an error. Vice versa,
>> too.
> That did not change a thing.

Hmm. Using the loopback address?


More information about the freebsd-questions mailing list