Installation with Moodle : Unknown SSL protocol error in connection to api.h5p.org:443

Hi,

At the end of the H5P plugin installation in Moodle, I get these messages:

Unknown SSL protocol error in connection to api.h5p.org:443

Site could not be registered with the hub. Please contact your site administrator.

The H5P Hub has been disabled until this problem can be resolved. You may still upload libraries through the "H5P Libraries" page.

My configuration is :

- Moodle 3.1 on ubuntu 16.04 x64 - firewall disabled

- proxy

Is there anything to configure (php, network ...) ?

If I uncheck "use H5P hub", as I read on your forum, I don't get these errors, but I think that's normal because there is no longer a connection to h5p.org?

Thank you

DG

 

 

 


Hi DG,

Have you visited the Troubleshooting guide? There is information there that may help with your issue. If you are still having the issue after visiting the page, please include the following information:

  1. Detailed steps to reproduce the bug (exactly how and when did it happen)
  2. Platform and version number. E.g. Drupal, Wordpress, Moodle.
  3. Mobile or Desktop
  4. Browser: Chrome, Firefox, Safari etc
  5. H5P plugin version
  6. H5P content type and version (if a content type was used), and a sample URL or attached H5P.
  7. Any browser console errors
  8. Any PHP errors
  9. Screenshots if it's a visual problem

The more information you provide, the quicker the community will be able to fix it and the quicker you'll have a working solution! 

-BV52

Hi BV,

Finally it's OK but I had to make php modifications.

The error was visible in mod/hvp/library_list.php but I had to modify lib/filelib.php and especially:

function download_file_content

The SSL error came from proxy access.

I did the following (the commands work on Ubuntu 16.04 server):

- system :

if it is not already on the system, install curl:

sudo apt-get install curl

possibly install openssl (not sure it's necessary):
sudo apt-get install openssl

- php.ini : activate curl and openssl extensions

- modify the Moodle file config.php and add (I preferred to put the parameters in config.php):

//-------------- Proxy ---------------------------
$CFG->curl_proxyenable=TRUE;
$CFG->curl_proxyport = '8080';
$CFG->curl_proxytype=0; // = CURLPROXY_HTTP;
$CFG->curl_proxy='myproxy';
$CFG->curl_proxyuserpwd='mydomain\myuser:hispassword';
$CFG->curl_proxyauth=8; // = CURLAUTH_NTLM

//--------------------------------------------------------

- modify lib/filelib.php and, in the function download_file_content, add the missing curl options, as I did:

if ($CFG->curl_proxyenable) {
    $options['CURLOPT_HTTPPROXYTUNNEL']=true;
    $options['CURLOPT_PROXYPORT']=$CFG->curl_proxyport;
    $options['CURLOPT_PROXYTYPE']=$CFG->curl_proxytype;
    $options['CURLOPT_PROXY']=$CFG->curl_proxy;
    $options['CURLOPT_PROXYUSERPWD']=$CFG->curl_proxyuserpwd;
    $options['CURLOPT_PROXYAUTH']=$CFG->curl_proxyauth;
}

Then I restarted the server but when I tested by clicking on the button "Update content type cache" on the "libraries H5P" page, I had another error :

SSL certificate error : unable to get local issuer certificate

I found on the net that I had to download a certificate file, for example :

https://curl.haxx.se/ca/cacert.pem

copy it in a moodle folder (example /var/www/html/moodle/certif)

then modify php.ini like this:

curl.cainfo = '/var/www/html/moodle/certif/cacert.pem'

I also modified the below line but I'm not sure it's necessary :

openssl.cainfo = '/var/www/html/moodle/certif/cacert.pem'

then restart php (I ran sudo service apache2 restart on ubuntu), and finally it's OK ...

It worked for me with our proxy but I think it depends on its configuration, environment and type, and I'm not a PHP developer.

Regards

DG
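Why the second error in the post above appears, and why pointing curl at a CA bundle clears it, reproduced offline as an added example (not part of the thread). The CA names, host name and temporary paths are constructed for the demonstration; it assumes the openssl command-line tool is installed.

```bash
#!/bin/sh
# Added example: reproduce "unable to get local issuer certificate" offline.
# CA names, host name and temp paths are constructed for this demo.

# make_demo_pki DIR: two self-signed roots plus a server certificate
# signed by the first root only.
make_demo_pki() {
    d=$1
    for ca in issuing unrelated; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" >/dev/null 2>&1 || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=api.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/issuing.pem" -CAkey "$d/issuing.key" -CAcreateserial \
        -out "$d/leaf.pem" >/dev/null 2>&1 || return 1
}

# verify_with_bundle BUNDLE CERT: print "OK" or OpenSSL's failure reason.
# curl reports the same reason when the file named by curl.cainfo /
# CURLOPT_CAINFO lacks the issuer of the server's certificate.
verify_with_bundle() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK") echo "OK" ;;
        *) printf '%s\n' "$out" |
               sed -n '/depth lookup:/{s/.*depth lookup: *//p;q;}' ;;
    esac
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_demo_pki "$DEMO_DIR"

# Bundle that does not contain the issuer: verification fails.
echo "without issuer: $(verify_with_bundle "$DEMO_DIR/unrelated.pem" "$DEMO_DIR/leaf.pem")"

# Bundle that contains the issuer (the role cacert.pem plays in the post).
cat "$DEMO_DIR/unrelated.pem" "$DEMO_DIR/issuing.pem" > "$DEMO_DIR/bundle.pem"
echo "with issuer:    $(verify_with_bundle "$DEMO_DIR/bundle.pem" "$DEMO_DIR/leaf.pem")"
```

To limit the change to one application rather than all of PHP, the same bundle can be passed per request with `CURLOPT_CAINFO` (or `curl --cacert` on the command line) instead of `curl.cainfo` in php.ini.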

 

 

 

 


Hi DG, 

I'm glad you found the solution. Also, thank you for sharing your findings; this will help the community a lot. :-)

-BV52

Hi BV,

Thank you. Not sure it's the simplest solution but if it can help ... :-)

DG

Hello there DG and BV and thanks for the solution, great work!!!

I am struggling with a similar problem but I cannot find a solution. However, I believe that I am really close to finding one, and that is why I have a question.

$CFG->curl_proxyuserpwd='mydomain\myuser:hispassword';

I guess that in that line the user and password are the ones of the proxy but, what do I have to write instead of "mydomain"? Is it the url of my webpage (www.randomExample.es), the domain of the proxy (nameProxy:numberPort), etc? 

Thank you very much,

Eritz

Hi Eritz,

Our principal environment is under Windows Active Directory. Windows AD centralizes all our users and computers in a domain (it's like a big group). If you don't have Windows Active Directory but a smaller structure, perhaps you are using a Windows workgroup? It's the same thing. Under Windows, for example, if the domain/workgroup has the name MADRIDGRP and the account in this domain/workgroup is ALAIN.DUPONT with Abracadabra as password, then:

$CFG->curl_proxyuserpwd='MADRIDGRP\ALAIN.DUPONT:Abracadabra';

Under Linux I don't know how accounts are centralized but I think it's similar to Windows (OpenLDAP, ... ?).

Important: the user must be authorized to access the internet through the proxy server (generally a network administrator grants this access).

Regards,

Denis

 

Hi Denis,

Thanks for your fast answer!

Interesting what you answered! Unfortunately we are working with Linux. However, a colleague told me before your tip that our proxy user does not need a domain. I will send him your answer; let's see what he says before we start researching.

While researching, I found some data as admin in Moodle under Server>Information PHP. I have attached a picture. Do you think that it could be the information that we need for mydomain? Can you check whether your installation has mydomain data in that field?

By the way, I have another doubt. What could you tell me about $CFG->curl_proxyauth=8; // = CURLAUTH_NTLM ? We are sure that we are not working with NTLM but we cannot find which other values we could use. Do you know where we could find something about it?

Thanks in advance!

Eritz


Hi Eritz,

I don't really know NTLM but I think it's a protocol used by Microsoft to crypt communications between servers. For your configuration I don't know exactly what you must indicate.

For more information, take a look at this page:

http://php.net/manual/en/function.curl-setopt.php

// = CURLAUTH_NTLM is just a comment (in PHP, whatever follows // is considered a comment) for me to remember that the CURLAUTH_NTLM constant has the value 8.

If I only wrote $CFG->curl_proxyauth=8; it's the same thing.

I think that if you have a network administrator who administers the proxy, you should ask him to give you (or create) an account that has access to the internet, and specify this account/password as the $options['CURLOPT_PROXYUSERPWD'] value (try without using a domain or workgroup name).

Other links:

https://curl.haxx.se/libcurl/c/CURLOPT_HTTPAUTH.html

https://beamtic.com/using-proxies-with-curl

Perhaps for the $CFG->curl_proxyauth parameter instead of CURLAUTH_NTLM put CURLAUTH_BASIC as value (or the equivalent number for this value) ?

Sorry I can't help you anymore.

Denis

Hi Denis,

I do not know where the problem is... Anyway, thanks for your fast answers! I hope to write back once I have found the solution.

Thank you very much,

Eritz

Has a permanent solution been found for 'SSL certificate error : unable to get local issuer certificate'?

I've applied the curl.cainfo workaround fix but would prefer not to update this system value in the php.ini file in case other applications are affected.

Can you make the update more specific to H5P instead of a system-wide setting update in php.ini?

Thanks