cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Jetpack SSL error

I have a site in the basic version of Managed Wordpress. It has SSL enabled, which - because it's a shared server - means it is using a GoDaddy certificate that I cannot change. No problem with that. Except that Jetpack is now rejecting connection because an update to the openssl software they use means that it will not validate the GoDaddy certificate. The reason is that the GoDaddy cert is signed with a CA cert and that is signed by the GoDaddy root cert. The openssl software only receives the server cert (not the signing cert) and so cannot verify the server cert. A (modern) browser on the other hand will look in the server cert for the URL for the signing cert and fetch it, so I see no errors in using the web site.

 

What would be nice is if the engineers at GoDaddy could make the shared server send the signing cert as well as the server cert. That would satisfy both openssl (and hence Jetpack) and older browsers and really minimal ones like CURL (which is what Jetpack uses). There is an explanation of how to do it for Apache here (https://stackoverflow.com/questions/30344893/how-to-force-apache-2-2-to-send-the-full-certificate-ch...) and if they're not using Apache then there will be a similar procedure for other HTTP servers.

 

Of course I could (and maybe should) ask the CURL or openssl community to generate a fix, too.

 

I have indeed called GoDaddy support and the agent wouldn't record the suggestion ... Just advised me to upgrade to a dedicated (cpanel) hosting so that I could manage the options myself. Yes of course ... And I do appreciate I am using a budget product. But not even recording the suggestion? Ah well. Maybe I didn't make it clear enough. Hope the above is clear.

1 REPLY 1
Former Employee

Hey Stevewlrls,

 

I hope I can shed some light on this. The reason the SSL is not working is not an issue on GoDaddys end, it is simply a limitation on how SSL's function on a server side level. For how you are attempting to use it, you would need to be referencing the Servers hostname which would completely change how your url would show on your website.

 

The correct way to resolve this would be to purchase an SSL certificate and install it on your hosting account. This will allow you to perform those SSL functions as you are trying. Just how Server side SSL certificates function, there is no way to tie it to the site in the manner you are trying to. 

 

Hope this helps! 

~Jay