Hello,
We have some troubles to make the automatic update for matomo and for the plugins working. The installation is behind a proxy which is using our own certificate.
For Plugins:
curl_exec: Peer’s Certificate issuer is not recognized… Hostname requested was: plugins.matomo.org
We tested curl am same server as our matomo installation. that is working fine, we get successful response freom https://plugins.matomo.org .
But if we try within matomo we got the error
Do we need to install our certificate inside matomo or what would be the way that matomo “find” our certificat?
Your help is appreciated.
Unfortunately it is noting we didn’t try.
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = /etc/pki/ca-trust/source/anchors/xxxxxxx.pem
And curl on the server is working:
Connected to proxy.xxxxxx.xx(xx.xx.xx.xx) port 8080 (#0)
* Establish HTTP proxy tunnel to plugins.matomo.org:443
* Proxy auth using Basic with user 'xxxxxxx'
CONNECT plugins.matomo.org:443 HTTP/1.1
Host: plugins.matomo.org:443
Proxy-Authorization: Basic b3JnXGRpZW5zdF9seHJlcG86VG9yXzMzX2FsZCQ=
User-Agent: curl/7.29.0
Proxy-Connection: Keep-Alive
HTTP/1.0 200 Connection established
Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/xxxx/xxxx
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=plugins.matomo.org
* start date: Oct 18 10:46:24 2018 GMT
* expire date: Oct 18 10:46:24 2019 GMT
* common name: plugins.matomo.org
* issuer: xxxxxxxxxxx
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: plugins.matomo.org
> Accept: */*
Because otherwise there would be an endless number of people who can’t use Matomo because they are using an outdated os and don’t have the Let’s Encrypt certificate.
Wordpress seems to be doing the same (But have not updated it since 2015 and added their own CAs?)