Installation with Moodle : Unknown SSL protocol error in connection to api.h5p.org:443
Submitted by DG68 on Wed, 02/07/2018 - 11:46
Hi,
At the end of hp5 plugin installation in Moodle, I get these messages :
Unknown SSL protocol error in connection to api.h5p.org:443
Site could not be registered with the hub. Please contact your site administrator.
The H5P Hub has been disabled until this problem can be resolved. You may still upload libraries through the "H5P Libraries" page.
My configuration is :
- Moodle 3.1 on ubuntu 16.04 x64 - firewall disabled
- proxy
Is there anything to configure (php, network ...) ?
If I uncheck "use H5P hub" as I read on your forum, I dont get theses errrors but I think it's normal because there is no more connexion to hp5.org ?
Thank you
DG
BV52
Wed, 02/07/2018 - 12:41
Permalink
Hi DG,Have you visited
Hi DG,
Have you visited Troubleshooting guide, there are information there that may help with your issue. If you are still having the issue after visiting the page please include the following information:
The more information you provide, the quicker the community will be able to fix it and the quicker you'll have a working solution!
-BV52
DG68
Fri, 02/09/2018 - 12:00
Permalink
Hi BV,Finally it's OK but I
Hi BV,
Finally it's OK but I had to make php modifications.
The error was visible in mod/hvp/library_list.php but I had to modify lib/filelib.php and espacially :
function download_file_content
The SSL error came from proxy access.
I do the following (the commands are working on Ubuntu 16.04 server) :
- system :
if not on system install curl :
sudo apt-get install curl
eventually install openssl (not sure it's necessary) :
sudo apt-get install openssl
- php.ini : activate curl and openssl extensions
- modify moodle file config.php and add (I prefered to put parameters in config.php) :
//-------------- Proxy ---------------------------
$CFG->curl_proxyenable=TRUE;
$CFG->curl_proxyport = '8080';
$CFG->curl_proxytype=0; // = CURLPROXY_HTTP;
$CFG->curl_proxy='myproxy';
$CFG->curl_proxyuserpwd='mydomain\myuser:hispassword';
$CFG->curl_proxyauth=8; // = CURLAUTH_NTLM
//--------------------------------------------------------
- modify lib/filelib.php and at the paragraph function download_file_content I had missing curl options :
if ($CFG->curl_proxyenable) {
$options['CURLOPT_HTTPPROXYTUNNEL']=true;
$options['CURLOPT_PROXYPORT']=$CFG->curl_proxyport;
$options['CURLOPT_PROXYTYPE']=$CFG->curl_proxytype;
$options['CURLOPT_PROXY']=$CFG->curl_proxy;
$options['CURLOPT_PROXYUSERPWD']=$CFG->curl_proxyuserpwd;
$options['CURLOPT_PROXYAUTH']=$CFG->curl_proxyauth;
}
Then I restarted the server but when I tested by clicking on the button "Update content type cache" on the "libraries H5P" page, I had another error :
SSL certificate error : unable to get local issuer certificate
I found on the net that I had to download a certificate file, for example :
https://curl.haxx.se/ca/cacert.pem
copy it in a moodle folder (example /var/www/html/moodle/certif)
then modifiy php.ini like this :
curl.cainfo = '/var/www/html/moodle/certif/cacert.pem'
I also modified the below line but I'm not sure it's necessary :
openssl.cainfo = '/var/www/html/moodle/certif/cacert.pem'
then restart php (I ran sudo service apache2 restart on ubuntu), and finally it's OK ...
It worked for me with our proxy but I think it depends on its configuration, environment and type and I'm not a PHP developper.
Regards
DG
BV52
Fri, 02/09/2018 - 11:46
Permalink
Hi DG, I'm glad you found the
Hi DG,
I'm glad you found the solution. Also thank you for sharing your findings this will help a lot in the community. :-)
-BV52
DG68
Fri, 02/09/2018 - 11:51
Permalink
Hi BV,Thank you. Not sure it
Hi BV,
Thank you. Not sure it's the simplest solution but if it can help ... :-)
DG
eritzinho
Thu, 09/20/2018 - 13:52
Permalink
Hello there DG and BV and
Hello there DG and BV and thanks for the solution, great work!!!
I am struggling with a similar problem but I can not find a solution. However, I believe that I am really close to find and that is why I have a question.
$CFG->curl_proxyuserpwd='mydomain\myuser:hispassword';
I guess that in that line the user and password are the ones of the proxy but, what do I have to write instead of "mydomain"? Is it the url of my webpage (www.randomExample.es), the domain of the proxy (nameProxy:numberPort), etc?
Thank you very much,
Eritz
DG68
Thu, 09/20/2018 - 15:46
Permalink
Hi Eritz,Our principal
Hi Eritz,
Our principal environment is under windows active directory. Windows AD centralizes all our users and computers in a domain (it's like a big group). If you don't have Windows Active Directory, but a smaller structure, perhaps are you using a windows workgroup ? It's the same thing. Under windows, for example, if the domain/workgroup has the following name : MADRIDGRP and the account in this domain/workgroup is ALAIN.DUPONT with Abracadabra as password then :
CFG->curl_proxyuserpwd='MADRIDGRP\ALAIN.DUPONT:Abracadabra';
Under linux I don't know how accounts are centralized but I think it's similar to windows (OpenLDAP, ... ?).
important : the user must be authorized to access to internet through proxy server (generally it's made by a network's administrator that gives these access).
Regards,
Denis
eritzinho
Fri, 09/21/2018 - 13:56
Permalink
Hi Denis,Thanks for your fast
Hi Denis,
Thanks for your fast answer!
Interesting what you answered! Unfortunately we are working with Linux. However, a colleague told me before your tip that our proxy user does not need a domain. I will send him your answer, lets see what he says to start researching.
I have found some data researching while I was as admin in Moodle in the Server>Information PHP. I have attached a picture. Do you think that it could be information that we need for mydomain? Can you check if in your installation you have mydomain data in that field?
By the way, I have another doubt. What could you tell me about $CFG->curl_proxyauth=8; // = CURLAUTH_NTLM ? We are sure that we are not working with a NTLM but we can not find which other values could we use. Do you know where could we find something about it?
Thanks in advance!
Eritz
DG68
Fri, 09/21/2018 - 16:33
Permalink
Hi Eritz,I don't really know
Hi Eritz,
I don't really know NTLM but I think it's a protocol used by Microsoft to crypt communications between servers. For your configuration I don't know exactly what you must indicate.
For more informations, take a look at this page :
http://php.net/manual/en/function.curl-setopt.php
// = CURLAUTH_NTLM is just a comment (in PHP after // it's considered as a comment) for me to remember that CURLAUTH_NTLM constant has the 8 value.
If I only wrote : $CFG-W>curl_proxyauth=8; it's the same thing.
I think that if you have a network's administrator, that administers the proxy, ask him to give you (or create) an account that have access to internet and indicates this account/password as $options['CURLOPT_PROXYUSERPWD'] value (try without using domain or workgroup name).
Anothers links :
https://curl.haxx.se/libcurl/c/CURLOPT_HTTPAUTH.html
https://beamtic.com/using-proxies-with-curl
Perhaps for the $CFG->curl_proxyauth parameter instead of CURLAUTH_NTLM put CURLAUTH_BASIC as value (or the equivalent number for this value) ?
Sorry I can't help you anymore.
Denis
eritzinho
Wed, 09/26/2018 - 10:30
Permalink
Hi Denis,I do not know where
Hi Denis,
I do not know where the problem is... Anyway, thanks for your fast answers! I hope to write back once that I have found the solution.
Thank you very much,
Eritz
plindgreen
Thu, 04/28/2022 - 15:56
Permalink
curl.cainfo permanent solttiion
has a permanent solution been found for 'SSL certificate error : unable to get local issuer certificate'?
Ive applied the curl.cainfo workaround fix but would prefer not to update this system value in php.ini file in case other applications are affected.
Can you make the update more specific to h5p instead of a system wide setting update in php.ini?
thanks