Twitter SSL Certificate Problem

So I’ve been trying to use the twitter module for ages, and I am getting an error code in the logs that says ‘Error contacting Twitter API: SSL certificate problem: unable to get local issuer certificate’. Any suggestions for a resolution??

Thanks :slight_smile:

Looks like a curl cert issue I think, perhaps have a look here: Using Tickers, Forecast, Twitter and other external resources that make use of HTTPS connections

Thanks I tried that, I installed the CMS using docker and I’m unable to find the php.ini file so where would I direct the ca cert file in this case? (Or install curl in the first place and get it working with docker)

If you’re using docker, then that should not be a problem, is it 1.8.2 CMS?

Have you also connected your twitter account as described here (with API key/secret) - http://xibo.org.uk/manual/en/media_module_twitter.html

Is that a fresh 1.8 series installation or an upgrade from an earlier series?

If the module is configured correctly, then perhaps run ‘verify all’ on Modules page.

As Peter says, the SSL certificate file is built into the container so there’s no need to do that on a Docker based installation.

The only other reasons that you’d get that error are if the date/time on the server is wrong, or if you’re using a proxy server that issues its own SSL certificates for the purposes of content filtering or monitoring. In that case, you’d need to add the proxy server’s certificates into the certificates that the container uses to validate SSL connections, or make an exception in the proxy such that SSL connections from the CMS aren’t intercepted.

Yes I’m using docker + CMS 1.8.2 - I have tried and checked both of the suggestions but I’m still getting the error

I’ll look into this further and keep trying, thanks for the suggestions :slight_smile:

Get a shell in the web container, and then try calling curl directly against twitter.com

That might give a better idea what the error is:

docker ps

Find the container with cms-web_1 in the name, then, if it’s for example xibodocker_cms-web_1

docker exec -ti xibodocker_cms-web_1 bash
curl -iv https://twitter.com > /dev/null
exit

What does that output? It should basically try and connect to Twitter and dump out the headers and hopefully a more verbose error.

Thanks I’ve done that & below is the output from PowerShell - all I can think the issue might be is that it says ‘CAfile: none’ - if this is the issue how is this rectified?

    PS X:\> docker exec -ti xibo_cms-web_1 bash
    root@9f5a773a86fa:/# cur -iv https://twitter.com > /dev/null
    bash: cur: command not found
    root@9f5a773a86fa:/# curl -iv https://twitter.com > /dev/null
    * Rebuilt URL to: https://twitter.com/
    * Hostname was NOT found in DNS cache
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 104.244.42.65...
    * Connected to twitter.com (104.244.42.65) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Server hello (2):
    { [data not shown]
    * SSLv3, TLS handshake, CERT (11):
    { [data not shown]
    * SSLv3, TLS handshake, Server key exchange (12):
    { [data not shown]
    * SSLv3, TLS handshake, Server finished (14):
    { [data not shown]
    * SSLv3, TLS handshake, Client key exchange (16):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    } [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    } [data not shown]
    * SSLv3, TLS change cipher, Client hello (1):
    { [data not shown]
    * SSLv3, TLS handshake, Finished (20):
    { [data not shown]
    * SSL connection using ECDHE-RSA-AES128-GCM-SHA256
    * Server certificate:
    *    subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware;
    serialNumber=4337446; street=Suite 900; street=1355 Market St; postalCode=94103; C=US; ST=California; L=San Francisco;
    O=Twitter, Inc.; OU=tsa_f Point of Presence; CN=twitter.com
    *    start date: 2017-01-12 00:00:00 GMT
    *    expire date: 2019-01-17 12:00:00 GMT
    *    subjectAltName: twitter.com matched
    *    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
    *    SSL certificate verify ok.
    > GET / HTTP/1.1
    > User-Agent: curl/7.35.0
    > Host: twitter.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
    < content-length: 113928
    < content-type: text/html;charset=utf-8
    < date: Mon, 18 Sep 2017 08:23:26 GMT
    < expires: Tue, 31 Mar 1981 05:00:00 GMT
    < last-modified: Mon, 18 Sep 2017 08:23:26 GMT
    < pragma: no-cache
    * Server tsa_f is not blacklisted
    < server: tsa_f
    < set-cookie: fm=0; Expires=Mon, 18 Sep 2017 08:23:17 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly
    < set-cookie: _twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3J
    lYXRlZF9hdGwrCBe%252BFZReAToMY3NyZl9p%250AZCIlZTkyZmU1ZDljYTA2NzJmMjc4M2IwMDBmNzQ1NWZkZDY6B2lkIiUyZTg1%250AYTllYmUyNjBhN
    DQyYTkyMTE5OTM4MjAxMDllNg%253D%253D--cd28c0f175a810b9ac731067222650bf86d7ee8d; Path=/; Domain=.twitter.com; Secure; HTTP
    Only
    < set-cookie: personalization_id="v1_Pegxq1nuUxCZiGrC6O3waw=="; Expires=Wed, 18 Sep 2019 08:23:26 UTC; Path=/; Domain=.t
    witter.com
    < set-cookie: guest_id=v1%3A150572300648382990; Expires=Wed, 18 Sep 2019 08:23:26 UTC; Path=/; Domain=.twitter.com
    < set-cookie: ct0=58205bc68a0979b9ad2c0739df60d2c1; Expires=Mon, 18 Sep 2017 14:23:26 UTC; Path=/; Domain=.twitter.com;
    Secure
    < status: 200 OK
    < strict-transport-security: max-age=631138519
    < x-connection-hash: ab6cc69f454fe5c5d6adcd2d321e0d00
    < x-content-type-options: nosniff
    < x-frame-options: SAMEORIGIN
    < x-response-time: 236
    < x-transaction: 0071bc5d002cb9ae
    < x-twitter-response-tags: BouncerCompliant
    < x-ua-compatible: IE=edge,chrome=1
    < x-xss-protection: 1; mode=block
    <
    { [data not shown]
    100  111k  100  111k    0     0   347k      0 --:--:-- --:--:-- --:--:--  347k
    * Connection #0 to host twitter.com left intact
    root@9f5a773a86fa:/#

That’s working fine then, so I don’t think the issue you’re seeing is a certificate issue.

Perhaps it was originally, and you’ve resolved that already, and now it’s something else?
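As an added example, not part of the original thread or of the Xibo project: a small shell triage of a saved `curl -iv` log that separates the causes named above (missing or untrusted issuer, wrong clock) from a healthy result, and shows that `CAfile: none` is harmless when `CApath` is set. The function names, verdict words and sample logs are constructed for illustration.

```bash
#!/bin/sh
# Added example: triage a saved `curl -iv` log. Sample logs are constructed.

LOG_OK='* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
*    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*    SSL certificate verify ok.'

LOG_UNTRUSTED='* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSL certificate problem: unable to get local issuer certificate'

LOG_CLOCK='*   CAfile: none
  CApath: /etc/ssl/certs
* SSL certificate problem: certificate is not yet valid'

# field LOG NAME -> first value that follows "NAME: " in the log
field() { printf '%s\n' "$1" | sed -n "s/^.*$2: //p" | head -n 1; }

# triage_curl_log LOG EXPECTED_ORG -> prints one verdict word
triage_curl_log() {
    case $1 in
    *"SSL certificate verify ok"*)
        # Chain validated; still confirm the issuer is the CA you expect,
        # since a trusted inspection proxy would also validate.
        case "$(field "$1" issuer);" in
        *"O=$2;"*) echo ok ;;
        *) echo unexpected-issuer ;;
        esac ;;
    *"certificate is not yet valid"*|*"certificate has expired"*)
        echo check-clock ;;          # compare `date -u` with the cert dates
    *"unable to get local issuer certificate"*)
        if [ "$(field "$1" CAfile)" = none ] && [ "$(field "$1" CApath)" = none ]; then
            echo no-trust-store      # curl has no CA bundle or directory at all
        else
            echo untrusted-issuer    # store exists, issuing CA is not in it
        fi ;;
    *) echo unknown ;;
    esac
}

for name in LOG_OK LOG_UNTRUSTED LOG_CLOCK; do
    eval "log=\$$name"
    printf '%s: %s\n' "$name" "$(triage_curl_log "$log" 'DigiCert Inc')"
done
```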

Got this all working now thank you :slight_smile:
On a side note, is it possible to increase the text size in the twitter metro module? I need it quite small and can’t see a way to increase the size in override layout or anything