I upgraded my MediaWiki to 1.35 and want to use the VisualEditor. Problem is the error below, when I click on the edit button:
Error contacting the Parsoid/RESTBase server: (curl error: 60) SSL peer certificate or SSH remote key was not OK
It is a private wiki, running behind an apache reverse proxy with an Letsencrypt SSL certificate. Anybody has an idea what to do here?
On
Had the error after an update to version 1.35.2. Internal https communication does not work with self-signed certificates.
Change in the file /etc/ssl/openssl.cnf
CipherString = DEFAULT @ SECLEVEL = 2 to CipherString = DEFAULT @ SECLEVEL = 1
On
We encountered this error in our Wiki too. While the error shown in MediaWiki says:
Error contacting the Parsoid/RESTBase server: (curl error: 60) SSL peer certificate or SSH remote key was not OK
Our detection system gave us a more standard:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
We inspected our SSL certificates as a consequence, although there were no visible SSL errors when browsing the site.
The problem was, in our case:
Adding the CA SSL Certificate key immediately solved the problem.
The error messages comes from the parsing API that VisualEditor's own PHP backend is sending a request to. There might be something wrong with how the URL is specified (e.g. you are using
localhostinstead of the domain which is in the certificate), the web server might be configured incorrectly (you can check with some SSL testing tool), the operating system might have an outdated cert bundle...My guess would be this request (where MediaWiki tries to make a web request to itself) doesn't go through the reverse proxy, so the cert is not added, but the URL scheme is nevertheless HTTPS, which makes curl freak out. The fix is probably to set
$wgInternalServerto the HTTP version of$wgServer(or justlocalhost, depending on your setup).