I work on a macbook (Catalina 10.15.7) and develop a webapp on my local machine. I use the mailtrap.io email testing service to check outgoing emails. I haven't changed anything, but a few days ago the mailtrap service gives back the below error message:
ErrorException stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Illuminate\Foundation\Bootstrap\HandleExceptions::handleError vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php:94
The same code and call works fine from the remote server, so it seems that the problem is related my local mac machine.
Mailtrap advises the following:
Regarding SSL error while trying to send emails to Mailtrap: You are not alone. Please update your OpenSSL version You might hear about the global issue with Letsencrypt certificates: its old root certificate expired on Sep 30. Mostly it impacted clients who use OpenSSL versions prior 1.1.0. The most common solution is to update your OpenSSL. If you can’t do that read the recipe for v.1.0.2 from OpenSSL.
My first approach was to remove the expired certificate and install the some new ones. I removed the DST Root CA X3 section from /etc/ssl/cert.pem file and removed all DST Root CA X3 instances using the Keychain Access app. Then I installed the ISRG Root X1 and ISRG Root X2 using the Keychain Access app setting them to always trust. Unfortunately I still get the same error message after rebooting.
The second approach would be update OpenSSL on my machine. The "openssl version" command tells me that I have LibreSSL 2.8.3 on my machine, so I assume this is what I need to update. Checking the libreSSL release notes it seems that there already a fix for this problem. But I'm a little concerned that I mess-up my mac with this procedure.
Am I on the right track? Should I update LibreSSL to the latest version? If yes, how do I do that? Are there any better solutions to this problem? I'm really concerned about updating LibreSSL without the rest of the OS maybe not being compatible with it.
Thanks, W.
Thanks for the comment! In the meanwhile I realized (form phpInfo()) that it is my php installation that uses the expired certificate. I found the right openSSL installation based on phpInfo and deleted the DST Root CA X3 certificate from the .pem file under this installation. This solved my problem. Thanks for the suggestion anayway!