I think I’m just missing something here, so I’m not submitting this as an issue as of yet: At some point on my local dev copies (3.0.0-alpha3 specifically) I lost the ability to install or update packages. I’m getting this curl ssl error in the modx logs:
[2021-10-19 22:10:16] (ERROR @ [...]/GIT-Projects/revolution/core/vendor/
guzzlehttp/guzzle/src/Handler/CurlFactory.php : 211)
GuzzleHttp\Exception\RequestException sending GET package for provider
modx.com: cURL error 60: SSL certificate problem: certificate has expired
(see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for
https://rest.modx.com/extras/package
?api_key=&username=&uuid=3e2c4556-5788-4556-acde-6a897902f6ae
&database=mysql&revolution_version=Revolution-3.0.0-alpha3
&supports=Revolution-3.0.0-alpha3&http_host=revo.local&php_version=7.4.12
&language=en&query=0&tag=0&sorter=0&start=0&limit=10
&dateFormat=%25Y-%25m-%25d&supportsSeparator=%2C+
&action=Workspace%2FPackages%2FRest%2FGetList&provider=1&page=0
Note that all else works as expected in the manager and on the front end, all on https. I’m running MAMP on macos and believe I remember not having this problem a month or so ago. Has anyone had this issue? Thanks for any clues you can give…
It looks like the SSL certificate at modx.com has expired.
You can set CURLOPT_SSL_VERIFYHOST=false in the code (if you can find the place to do it), but it makes your site less secure. It’s probably best to report it as a bug here and wait for a fix at modx.com.
Yes, that’s what I would have thought. However, a non-local installation of the 3.0.0-alpha3 (packaged) release I installed back in June is working fine.
Now, interestingly, I just tried the most simple thing on my local dev install — changed the provider to http://rest.modx.com/extras (instead of https://…) — and it works fine. Note that my external install mentioned above does successfully connect with https.
Could it have something to do with modx.com using LetsEncrypt for its cert? Maybe guzzle/curl doesn’t like that. As I’m sure you know normally you have to explicitly trust LE certs. That it behaves differently local vs external is baffling me.
The SSL certificates at modx.com are certainly not expired. I’m viewing the main site and the rest subdomain and not seeing any issue with the certificates.
Can you try updating mamp? Someone else had a similar issue with accessing the modmore provider last week, which was solved by an update. That came with a new version of curl and openssl that resolved the problem IIRC
Actually, it looks like the certificate chain needed to be updated on a few of our certs in order for them to work in some environments. Should be good now.