I’m trying to set this plugin up but all I ever get is:
You are not connected to Discourse. If you are setting up the plugin, this notice should go away after completing the form on this page.
All the settings on the connection seem fine. The URL is there and the API key. I’ve tried looking through logs on both my WordPress server and Discourse but I’m not seeing anything. There’s a good chance I’m not looking at the right logs though.
The first thing to check is that the settings are correct. Make sure you are using the master API Key and that the publishing username is set to either ‘system’, or the name of the system user if you have changed the ‘system’ username, or the name of an admin user on your forum.
If that’s not the problem, there are a few possible issues related to https. Are you using https on your forum?
Yep, it’s the master API key. I tried resetting it once with no change. I haven’t changed the system username so that should be fine.
I am using https for the forum. I wasn’t using HTTPS for the WordPress site and I thought that was the issue so I converted the WordPress site to HTTPS. Both are using the same Comodo wildcard cert for *.domain.com.
It’s a long shot, but could you try installing this plugin on your WordPress site and running the test against the PayPal endpoint? When the plugin is activated, the test is available under Tools/TLS on the WordPress dashboard.
Here’s another plugin that you can use to get some feedback about what’s going on when the initial request is made to Discourse. It adds an item to the admin toolbar. If you activate it, and then refresh the WP Discourse Connection page, it should tell you what the response is from the request.
Since you couldn’t get a connection even before HTTPS was enabled on your WordPress site, I’m not sure what the problem is. I can look at this some more later.
Possibly, looking at the access log for your forum can give some information about what’s going on. To get there, ssh into your forum’s server, then:
$ cd /var/discourse
$ ./launcher enter app
$ cd /var/log/nginx
$ tail -f access.log
On your WordPress site, click the save options button on the WP Discourse Connection tab. You should see some sort of response in the Discourse access log.
Well now this is interesting. Access log has absolutely nothing when I put the address as https://discourse.domain.com. When I do http://discourse.domain.com, it looks like it tries to process the API call but gets what I’m guessing is a redirect to https (301).
* Hostname was NOT found in DNS cache
* Trying 10.0.0.X...
* Connected to discourse.domain.com (10.0.0.X) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Then it works after adding the CA bundle for my cert to the end of the cacert file. I’m not sure why it doesn’t work without the --cacert flag because CApath: /etc/ssl/certs should parse the cacert.pem file that’s in that path, no?
I can curl https://google.com without specifying a cacert so I know it’s reading some authorities without problems.
I also added
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = /etc/ssl/certs/cacert.pem
to the Apache php.ini file and restarted Apache. Still not working in WordPress.
I ran openssl s_client -host discourse.server.com -port 443 -CApath /etc/ssl/certs and it errored out
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.domain.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
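The `openssl s_client` output quoted above can be read mechanically. The sketch below is an added example, not code from the thread or from the WP Discourse plugin: it parses the verify errors and the `Certificate chain` block and reports which issuer the client could not resolve. `parse_s_client` and `diagnose` are hypothetical helper names; the sample input is the output quoted in the thread.

```python
import re

# s_client output quoted in the thread above.
SAMPLE = """\
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.domain.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
"""

def parse_s_client(text):
    """Return (chain, errors): chain is [[subject, issuer], ...], errors is [(depth, num, msg), ...]."""
    chain, errors, depth, in_chain = [], [], None, False
    for line in text.splitlines():
        s = line.strip()
        if m := re.match(r"depth=(\d+)", s):
            depth = int(m.group(1))          # depth the following verify error refers to
        elif m := re.match(r"verify error:num=(\d+):(.*)", s):
            errors.append((depth, int(m.group(1)), m.group(2)))
        elif s == "Certificate chain":
            in_chain = True
        elif in_chain and s == "---":
            in_chain = False
        elif in_chain and (m := re.match(r"\d+ s:(.*)", s)):
            chain.append([m.group(1), None])  # subject of a certificate the server sent
        elif in_chain and s.startswith("i:") and chain:
            chain[-1][1] = s[2:]              # issuer of that certificate
    return chain, errors

def diagnose(text):
    """Summarise what the server sent and which issuer verification still needs."""
    chain, errors = parse_s_client(text)
    if not chain:
        return None
    subject, issuer = chain[-1]               # last certificate the server sent
    top = len(chain) - 1
    # Errors 20/21 at the top depth: that issuer was neither sent nor found in the trust store.
    unresolved = any(d == top and n in (20, 21) for d, n, _ in errors)
    return {"certs_sent": len(chain), "error_nums": [n for _, n, _ in errors],
            "issuer_needed": issuer if unresolved and subject != issuer else None}
```

For the output in this thread, `diagnose(SAMPLE)` shows a single certificate sent and the COMODO RSA Domain Validation Secure Server CA issuer unresolved, which matches the fix of appending the CA bundle to the cacert file. For `CApath` lookups OpenSSL opens files named by subject hash (as created by `c_rehash` or `openssl rehash`), so a bundle such as cacert.pem sitting in that directory is only read when it is passed as a CA file.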