curl not working over ssl - loopback error

howdoi

Member
Apr 7, 2016
5
0
1
USA
cPanel Access Level
Root Administrator
Been struggling with a loopback issue for a while now and finally decided that better minds than mine are needed to resolve it.

I have a working cURL on a site within the same server. Both sites are running on dedicated IP addresses. However, the site running on Comodo SSL does not work for curl and reports a loop-back error. More explicitly, I get the following:
140770FC:SSL
SSL23_GET_SERVER_HELLO:unknown protocol

additionally, multiple programs have all reported an issue with loopback for this one ip. However, not much more info has been given so unsure if it is a loopback issue or as the above error suggested a protocol issue. I did attempt to enable all protocols and nothing appears to make a difference on that front.

Advice, what is next step? (or hopefully, someone has already confronted this issue and resolved and knows exactly how to fix :cool: )

here is apache config to help ensure no issues with protocols
  • fileetag: None
  • keepalive: Off
  • keepalivetimeout: 5
  • maxclients: 150
  • maxkeepaliverequests: 100
  • maxrequestsperchild: 10000
  • maxspareservers: 10
  • minspareservers: 5
  • root_options: ExecCGI, FollowSymLinks, IncludesNOEXEC, Indexes, SymLinksIfOwnerMatch
  • serverlimit: 256
  • serversignature: Off
  • servertokens: ProductOnly
  • sslciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  • sslprotocol: All +TLSv1.2 -SSLv2 -SSLv3
  • startservers: 5
  • timeout: 300
  • traceenable: Off
 

howdoi

Also, real cron through cPanel works for backups and other tasks, so not sure what exactly causes this issue but it seems pretty prevalent throughout the web without much clarity of the root issue. Hopefully, we can change that with this thread.
 

howdoi

additionally, the error response from several plugins is along the lines of this:

Error #9038: Loopback test error: `SSL certificate problem: self signed certificate`. URL: `https://xxxxxxxx.com/wp-admin/admin-ajax.php`

The issue that is confusing is that the SSL for this IP is not self-signed; it's a Comodo license. However, the SSL for the server and root IP is self-signed. As the system cron is associated with the server itself, is this response normal? Or is it somehow crossing the two and causing the break? If so, how do I fix it?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,270
463
Hello :)

Is the cron job associated with a specific application, or are you testing this with your own custom PHP scripts? The reason I ask is because I've seen this issue resolved in the past by users updating specific WordPress plugins.

Thank you.
 

howdoi

following up. I think I resolved this issue. Not sure how exactly, but here's my assumption.

Originally the site was not routing properly, which may have been an issue with cloudlinux and cagefs not being properly set up in the beginning. During this time, to get site to route properly, I had to add site url to host.conf.

After getting CL properly tweaked, it appears that virtualhost settings took hold and are being properly configured (at a basic level) at the time of account creation in WHM. Once this occurred, the previous hack/repair of using site URLs in the host config file must have created a conflict and caused routing of curl to use the server's self-signed SSL instead of the specific site's registered SSL.

Again, this is my assumption. I made quite a few attempts to fix and this is the only one within proximity to the time that the issue showed resolution. @cPanelMichael If you know my above assumption to be incorrect, then please advise as it would be nice to have certainty on what exactly resolved the issue.

Kind Regards
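
An added example, not part of the original post and not cPanel code: a check for the conflict described above, assuming the "host config file" is in `/etc/hosts` format and that the leftover entry pinned the site's names to the server's main IP. The hostnames, addresses and the `hosts_overrides` / `tls_verdict` helpers are hypothetical; the sample file is constructed.

```python
import socket
import ssl

SITE = ["shop.example.com", "www.shop.example.com"]   # placeholder site names
DEDICATED_IP = "192.0.2.25"                           # placeholder dedicated IP

# Constructed sample in /etc/hosts format (documentation addresses only).
SAMPLE_HOSTS = """\
127.0.0.1      localhost localhost.localdomain
192.0.2.10     server.example.net server
# leftover manual routing fix:
192.0.2.10     shop.example.com www.shop.example.com   # added during setup
"""

def hosts_overrides(hosts_text, site_names, dedicated_ip):
    """Return (line_no, ip, name) for each site name pinned to another IP."""
    wanted = {n.lower() for n in site_names}
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        ip, names = fields[0], fields[1:]
        for name in names:
            if name.lower() in wanted and ip != dedicated_ip:
                hits.append((line_no, ip, name.lower()))
    return hits

def tls_verdict(ip, hostname, port=443, timeout=5.0):
    """Handshake with `ip` using SNI `hostname`; return 'ok' or the TLS error."""
    ctx = ssl.create_default_context()          # normal CA and hostname checks
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return "ok"
    except ssl.SSLError as exc:
        # Verification failures carry verify_message (e.g. a self-signed cert);
        # other handshake failures only carry a reason string.
        return getattr(exc, "verify_message", None) or exc.reason or str(exc)

if __name__ == "__main__":
    for line_no, ip, name in hosts_overrides(SAMPLE_HOSTS, SITE, DEDICATED_IP):
        print(f"hosts line {line_no}: {name} pinned to {ip}, not {DEDICATED_IP}")
    # On the server itself (needs network), compare the two paths:
    #   tls_verdict(socket.gethostbyname(SITE[0]), SITE[0])  # what curl reaches
    #   tls_verdict(DEDICATED_IP, SITE[0])                   # the site's own vhost
```

If the first `tls_verdict` call reports a self-signed certificate while the second returns `ok`, local name resolution is sending loopback requests to the wrong virtual host.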
 

cPanelMichael

> Again, this is my assumption. I made quite a few attempts to fix and this is the only one within proximity to the time that the issue showed resolution. @cPanelMichael If you know my above assumption to be incorrect, then please advise as it would be nice to have certainty on what exactly resolved the issue.

I'm not sure what specific changes you made, and to which particular hosts file, however your explanation makes the most sense as to why it was not detecting the correct SSL certificate.

Thank you.