I have shifted my client management system to a new server but after that, emails notifications are not working anymore. The new server is running nginx and this is the error I'm getting in the logs. OpenSSL is updated and installed on the server.
Normal PHPMails are working but they always go to the spam/junk folder so I'm using ZohoMail for this purpose. On the previous apache server, it was running fine.
The same case is happening with WordPress installation as well. Please guide me on this issue so I can better communicate with my server vendor.
ERROR - 2022-04-08 05:12:16 --> Email: sendWithSmtp throwed fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
ERROR - 2022-04-08 05:12:16 --> Unable to send email using PHP SMTP. Your server might not be configured to send mail using this method.<br /><pre>Date: Fri, 8 Apr 2022 05:12:16 -0500
From: "Smart Portal" <noreply#email.com>
Return-Path: <noreply#email.com>
To: my#email.com
Subject: =?UTF-8?Q?Test=20message?=
Reply-To: <noreply#email.com>
User-Agent: CodeIgniter
X-Sender: noreply#email.com
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Message-ID: <62500a803c12f0.84020712#email.com>
Mime-Version: 1.0
Related
I am new to Openstack. I installed Openstack using Packstack in my CentOS machine. When I try to login using the default keystone_admin credentials, it showed a server error.
Here is my keystone.log file. Can somebody help?
2020-05-07 03:13:57.097 2303 WARNING keystone.server.flask.application [req-8c75dc88-73f3-4605-8a6b-3ba515d9fd84 3a3280ddae08412ab1145c193b587161 - - default -] Authorization failed. The request you have made requires authentication. from 192.168.225.30: Unauthorized: The request you have made requires authentication.
2020-05-07 03:13:57.235 2300 WARNING keystone.common.rbac_enforcer.enforcer [req-d1a5e980-617f-48d4-8322-40b0aa068140 3a3280ddae08412ab1145c193b587161 - - default -] Deprecated policy rules found. Use oslopolicy-policy-generator and oslopolicy-policy-upgrade to detect and resolve deprecated policies in your configuration.
Link to picture
try to find any rc files in your /root folder.
the file name is similar with openrc or adminrc
$ .openrc
$ try some openstack command
and it will succeed.
I install ROS on my server, but when I called ros start and it will running at my server, here is the log:
login as: root
root#*.*.*.*'s password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-109-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Welcome to Alibaba Cloud Elastic Compute Service !
root#iZwz940pq66re8qvh8adzuZ:~# ros start
info: Loaded feature token capabilities=[Sync], expires=Wed Apr 19 2017 22:15:29 GMT+0800 (CST)
info: Realm Object Server version 2.5.1 is starting
info: [sync] Realm sync server started ([realm-core-4.0.4], [realm- sync-2.1.10])
info: [sync] Directory holding persistent state: /root/data/sync/user_data
info: [sync] Operating mode: master_with_no_slave
info: [sync] Log level: info
info: [sync] Download log compaction is enabled
info: [sync] Max download size: 131072 bytes
info: [sync] Listening on 127.0.0.1:35571 (sync protocol version 22)
info: Realm Object Server has started and is listening on http://0.0.0.0:9080
But when I entered the address in the browser, It told me that I could not connect.And I use Realm Studio to connect it also tell me that could not reach the server, did i forget something steps? Maybe my server's security policy forbide the port?
Per to the log description, Realm Object Server has started and is listening on http://0.0.0.0:9080.
Please ensure you've allowed TCP port 9080 in your ECS security group.
For detail steps, please refer the document
Add a security group rule
the AWS Powershell SAML code below works without problems on all windows workstations but on all windows servers we get this error:
Use-STSRole : Credential generation from SAML authentication failed.
+ CategoryInfo : InvalidOperation: (Amazon.PowerShe...seSTSRoleCmdlet:UseSTSRoleCmdlet) [Use-STSRole], InvalidOperationException
+ FullyQualifiedErrorId : Amazon.Runtime.AmazonClientException,Amazon.PowerShell.Cmdlets.STS.UseSTSRoleCmdlet
powershell code:
Clear-AWSCredentials
Set-DefaultAWSRegion eu-west-1
$ADFSendpoint=Set-AWSSamlEndpoint -Endpoint "https://adfs.mycompany.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices" -StoreAs ADFSendpoint
Set-AWSSamlRoleProfile -EndpointName $ADFSendpoint -StoreAllRoles
Set-AWSCredentials -ProfileName "123456789012:role/MyRole"
$RoleArn = "arn:aws:iam::123456789012:role/MyRole"
$CredentialAws = (Use-STSRole -RoleArn $RoleArn -RoleSessionName
"MySession").Credentials
$CredentialAws
Get-S3Bucket
This is maddening - they are otherwise identically set up, and the ADFS endpoint still works fine in a browser on the servers, but NOT in Powershell.
This used to work recently on the servers but I am unable to find out why it stopped working.
The issue is resolved.
Fiddler revealed a certificate problem (see below) and it turned out that there was two versions of root certificate "Starfield Class 2 Certification Authority" - the version on the workstations expires 2034 and the version on the servers expires 2024 - so both should be valid, but still the 2024 version shows chain with warning and the 2034 version shows chain with no warning.
So the AWS Powershell endpoint sts.amazonaws.com must have had its certificate chain changed recently to cause this symptom.
Evt. google for Powershell script to save SSL certificate to a file for a site like sts.amazonaws.com.
-----fiddler output-----
Session #6: The server (sts.amazonaws.com) presented a certificate that did not validate, due to RemoteCertificateChainErrors.
0 - A certificate chain could not be built to a trusted root authority.
1 - The revocation function was unable to check revocation for the certificate.
2 - The revocation function was unable to check revocation because the revocation server was offline.
ISSUER: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
I've just installed Jenkins on a google cloud vm and configured nginx to point at 8080. I can enter the initial admin password and then i get to the screen where i can select plugins. When i click on "install suggested plugins" an error appears:
No valid crumb was included in this request
I started Jenkins with the command:
java -Dhudson.security.csrf.requestfield=Jenkins-Crumb -jar jenkins.war
stdout says:
INFO: Session node016ikde2z4paqem02o7wos0rgd1 already being invalidated
Nov 02, 2017 7:57:44 PM hudson.security.csrf.CrumbFilter doFilter
WARNING: Found invalid crumb 27d19a27be31d1d5703128b635b60c3b. Will
check remaining parameters for a valid one...
Nov 02, 2017 7:57:44 PM hudson.security.csrf.CrumbFilter doFilter
WARNING: No valid crumb was included in request for
/pluginManager/installPlugins. Returning 403.
does anybody know how i can either disable CSRF or include a valid crumb in my request? I can generate a valid crumb by running:
$ curl -u "admin:ebdcf2fcf6f74ee8b4ec907a1486ml?xpath=concat(//crumbRequestField,":",//crumb)'
Jenkins-Crumb:ef6250c9afe294555e20f1b9ab875261
but i don't know what to do with it after that.
Many thanks!
To Disable CSRF (although this is not recommended), follow the below 3 steps:
Log in to Jenkins as an Administrator
GOTO: Jenkins > Manage Jenkins > Configure Global Security and enable Prevent
Cross Site Request Forgery exploits
Uncheck this option
Mention the version of the Jenkins you are using to suggest on how to provide a valid crumb in your request.
I have just installed an intermediate & primary SSL certificate on my VPS. Everything is working well, except when I make a cfhttp call:
<cfhttp url="https://advert.establishmindfulness.com/ad-zone-1/?categoryid=1" method="get" result="adzone" />
<cfdump var="#adzone#" />
From https://app.establishmindfulness.com to https://advert.establishmindfulness.com. These 2 subdomains are on the same server, and I am using a wildcard SSL certificate:
*.establishmindfulness.com
That covers all sub domains.
VPS environment
OS: Windows 2008R2 with IIS7
Application server: Lucee 4.5.2.018 final
Servlet Container: Apache Tomcat/8.0.28
Java: 1.8.0_66 (Oracle Corporation) 64bit
Do I need to install the intermediate.crt & primaryssl.crt into my keystore cacerts? Is this the problem?
I tried just installing the certificate.cer that I grabbed from Internet Explorer, but maybe this is the wrong approach?
I still get the error:
Error Detail
Unknown host: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
OK. For anyone who comes across this issue, instead of having to spend several hours pulling your hair out, I managed to get the connection to work:
This is taken from the following link:
https://groups.google.com/forum/#!topic/lucee/BPm8vYdgkPQ
Thank you Dominic Watson
I've just tried this and got it working:
Log in to Lucee server admin and navigate to "SSL Certificates"
Enter your host name "establishmindfulness.com" in the Host field (without the quotes)
Hit "list" button
Hit "install" button
That's it. The cfhttp call started working.