Replies: 1
I have two WordPress servers. I put WP mail on both. Server with ipv6.scsiraidguru.com works great with Outlook. The server with wp.scsiraidguru.com doesn’t. Certificates are from Godaddy. SSL Labs A+ on both sites. Openssl cert and key match. I am on Openssl 1.1.1i.
Here is the log.
Versions:
WordPress: 5.6.1
WordPress MS: No
PHP: 7.4.14
WP Mail SMTP: 2.6.0
Params:
Mailer: smtp
Constants: No
ErrorInfo: SMTP Error: Could not connect to SMTP host.
Host: smtp-mail.outlook.com
Port: 587
SMTPSecure: tls
SMTPAutoTLS: bool(true)
SMTPAuth: bool(true)
Server:
OpenSSL: OpenSSL 1.1.1i 8 Dec 2020
Debug:
Mailer: Other SMTP
SMTP Error: Could not connect to SMTP host.
SMTP Debug:
2021-02-06 21:15:13 Connection: opening to smtp-mail.outlook.com:587, timeout=300, options=array()
2021-02-06 21:15:13 Connection: opened
2021-02-06 21:15:13 SERVER -> CLIENT: 220 CH2PR18CA0033.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 6 Feb 2021 21:15:13 +0000
2021-02-06 21:15:13 CLIENT -> SERVER: EHLO wp.scsiraidguru.com
2021-02-06 21:15:13 SERVER -> CLIENT: 250-CH2PR18CA0033.outlook.office365.com Hello [2600:1702:980:25e0::48]250-SIZE 157286400250-PIPELINING250-DSN250-ENHANCEDSTATUSCODES250-STARTTLS250-8BITMIME250-BINARYMIME250-CHUNKING250 SMTPUTF8
2021-02-06 21:15:13 CLIENT -> SERVER: STARTTLS
2021-02-06 21:15:13 SERVER -> CLIENT: 220 2.0.0 SMTP server ready
2021-02-06 21:15:13 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [/var/www/wp.scsiraidguru.com/public_html/wp-includes/PHPMailer/SMTP.php line 455]
SMTP Error: Could not connect to SMTP host.
2021-02-06 21:15:13 CLIENT -> SERVER: QUIT
2021-02-06 21:15:13 SERVER -> CLIENT:
2021-02-06 21:15:13 SMTP ERROR: QUIT command failed:
2021-02-06 21:15:13 Connection: closed
SMTP Error: Could not connect to SMTP host.
echo QUIT | openssl s_client -starttls smtp -crlf -connect smtp-mail.outlook.com:587
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4273 bytes and written 526 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 1608000029B84628A5D5B60EAE21D991C1497D1D33E802A9C4D1B13671FE4942
Session-ID-ctx:
Master-Key: 91CFD21750801A42810477A43F2C58E27FBA2D33DB2F482D276CBA1BB948AAEC0BF12D05E9660A4B2A594330F2AEFF22
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1612646386
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: yes
openssl s_client -CApath /etc/apache2/ssl/ -connect wp.scsiraidguru.com:443
CONNECTED(00000003)
depth=3 C = US, O = “The Go Daddy Group, Inc.”, OU = Go Daddy Class 2 Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=3 C = US, O = “The Go Daddy Group, Inc.”, OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=2 C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, CN = Go Daddy Root Certificate Authority – G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority – G2
verify return:1
depth=0 OU = Domain Control Validated, CN = wp.michaelmckenney.com
verify return:1
—
Certificate chain
0 s:OU = Domain Control Validated, CN = wp.michaelmckenney.com
i:C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority – G2
1 s:C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority – G2
i:C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, CN = Go Daddy Root Certificate Authority – G2
2 s:C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, CN = Go Daddy Root Certificate Authority – G2
i:C = US, O = “The Go Daddy Group, Inc.”, OU = Go Daddy Class 2 Certification Authority
3 s:C = US, O = “The Go Daddy Group, Inc.”, OU = Go Daddy Class 2 Certification Authority
i:C = US, O = “The Go Daddy Group, Inc.”, OU = Go Daddy Class 2 Certification Authority