Can't get by "You are not connected to Discourse" message


#1

I’m trying to set this plugin up but all I ever get is:

You are not connected to Discourse. If you are setting up the plugin, this notice should go away after completing the form on this page.

All the settings on the connection seem fine. The URL is there and the API key. I’ve tried looking through logs on both my WordPress server and Discourse but I’m not seeing anything. There’s a good chance I’m not looking at the right logs though.

Any suggestions of what to look for?


(Simon Cossar) #2

The first thing to check is that the settings are correct. Make sure you are using the master API Key and that the publishing username is set to either ‘system’, or the name of the system user if you have changed the ‘system’ username, or the name of an admin user on your forum.

If that’s not the problem, there are a few possible issues related to https. Are you using https on your forum?


#3

Yep, it’s the master API key. I tried resetting it once with no change. I haven’t changed the system username so that should be fine.

I am using https for the forum. I wasn’t using HTTPS for the WordPress site and I thought that was the issue so I converted the WordPress site to HTTPS. Both are using the same Comodo wildcard cert for *.domain.com.


(Simon Cossar) #4

It’s a long shot, but could you try installing this plugin on your WordPress site and running the test against the PayPal endpoint? When the plugin is activated, the test is available under Tools/TLS on the WordPress dashboard.


(Simon Cossar) #5

Here’s another plugin that you can use to get some feedback about what’s going on when the initial request is made to Discourse. It adds an item to the admin toolbar. If you activate it, and then refresh the WP Discourse Connection page, it should tell you what the response is from the request.


#6

Top three tests were fine. Last one says:

Make sure you are running OpenSSL/1.0.1 or higher, NSS/3.15.1 or higher, or the latest version of other cryptographic libraries.


(Simon Cossar) #7

Do you have access to the command line for your WordPress installation?


#8

I do have command line access to the server.


(Simon Cossar) #9

Can you check it to see if php-curl is installed?


#10

This is the curl info on a phpinfo page:

    cURL support        enabled
    cURL Information    7.38.0
    Age                 3
    Features
    AsynchDNS           Yes
    CharConv            No
    Debug               No
    GSS-Negotiate       No
    IDN                 Yes
    IPv6                Yes
    krb4                No
    Largefile           Yes
    libz                Yes
    NTLM                Yes
    NTLMWB              Yes
    SPNEGO              Yes
    SSL                 Yes
    SSPI                No
    TLS-SRP             Yes
    Protocols           dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtmp, rtsp, scp, sftp, smtp, smtps, telnet, tftp
    Host                x86_64-pc-linux-gnu
    SSL Version         OpenSSL/1.0.1t
    ZLib Version        1.2.8
    libSSH Version      libssh2/1.4.3

Is that what you’re asking about?


(Simon Cossar) #11

Since you couldn’t get a connection even before HTTPS was enabled on your WordPress site, I’m not sure what the problem is. I can look at this some more later.

Possibly, looking at the access log for your forum can give some information about what’s going on. To get there, ssh into your forum’s server, then:

    $ cd /var/discourse
    $ ./launcher enter app
    $ cd /var/log/nginx
    $ tail -f access.log

On your WordPress site, click the save options button on the WP Discourse Connection tab. You should see some sort of response in the Discourse access log.


#12

Well now this is interesting. Access log has absolutely nothing when I put the address as https://discourse.domain.com. When I do http://discourse.domain.com, it looks like it tries to process the API call but gets what I’m guessing is a redirect to https (301).


(Simon Cossar) #13

Do you get any kind of response if you enter

    curl https://forum.yourdomain.com/site.json

from the command line?


#14

So close!

    curl https://discourse.domain.com/site.json -v

=

    * Hostname was NOT found in DNS cache
    *   Trying 10.0.0.X...
    * Connected to discourse.domain.com (10.0.0.X) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS alert, Server hello (2):
    * SSL certificate problem: unable to get local issuer certificate
    * Closing connection 0
    * SSLv3, TLS alert, Client hello (1):
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: http://curl.haxx.se/docs/sslcerts.html

    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.

If I do

    curl https://discourse.domain.com/site.json -v --cacert /etc/ssl/certs/cacert.pem

Then it works after adding the CA bundle for my cert to the end of the cacert file. I’m not sure why it doesn’t work without the --cacert flag because CApath: /etc/ssl/certs should parse the cacert.pem file that’s in that path, no?

I can curl https://google.com without specifying a cacert so I know it’s reading some authorities without problems.

I also added

    [curl]
    ; A default value for the CURLOPT_CAINFO option. This is required to be an
    ; absolute path.
    curl.cainfo = /etc/ssl/certs/cacert.pem

to the Apache php.ini file and restarted Apache. Still not working in WordPress.


#15

I did some odd stuff but it’s working now.

I ran openssl s_client -host discourse.server.com -port 443 -CApath /etc/ssl/certs and it errored out

    depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.domain.com
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
    ---

The cert chain got me thinking…
I googled Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA and the first link was:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/970/108/intermediate-2-sha-2-comodo-rsa-domain-validation-secure-server-ca

I downloaded that CA to /etc/ssl/certs on the WordPress server and everything came to life. curl works, WP-Discourse is connected, yadda yadda yadda.

Still need to test some more and make sure it’s all working but I was able to post to Discourse from WP on a test post.
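
As an added example (not code from this thread or from the WP Discourse project), the script below classifies `openssl s_client` output like that in the last post: a chain with a single entry plus verify errors 20/21 means the server sent only its leaf certificate, so the client has to find the named intermediate on its own. The function names and the abridged sample output are constructed for illustration.

```shell
# Added example: classify `openssl s_client` output like that quoted in the thread.
# Real use (standard s_client options; HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST -CApath /etc/ssl/certs \
#     </dev/null 2>&1 | diagnose_chain

# Constructed sample, abridged from the shape of the output posted above.
sample_output() {
cat <<'EOF'
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.domain.com
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.domain.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
EOF
}

# Count the certificates the server actually sent (" N s:" entries).
chain_length() {
  awk '/^Certificate chain/ {c=1; next} c && /^---/ {c=0}
       c && /^ *[0-9]+ s:/ {n++} END {print n+0}'
}

# Issuer of the last certificate sent, i.e. the CA the client must locate itself.
last_issuer() {
  awk '/^Certificate chain/ {c=1; next} c && /^---/ {c=0}
       c && /^ *i:/ {sub(/^ *i:/, ""); last=$0} END {print last}'
}

# Distinct verify error numbers, e.g. "20 21".
verify_errors() {
  sed -n 's/^verify error:num=\([0-9]*\):.*/\1/p' | sort -un | paste -sd' ' -
}

diagnose_chain() {
  out=$(cat)
  len=$(printf '%s\n' "$out" | chain_length)
  errs=$(printf '%s\n' "$out" | verify_errors)
  case " $errs " in
    *" 20 "*|*" 21 "*)
      if [ "$len" -eq 1 ]; then kind="leaf-only"; else kind="issuer-not-found"; fi
      echo "$kind: $len cert(s) sent, no local issuer for: $(printf '%s\n' "$out" | last_issuer)" ;;
    *) echo "ok: no issuer errors, $len cert(s) sent" ;;
  esac
}

sample_output | diagnose_chain
```

When the result is `leaf-only`, configuring the web server to send the intermediate certificate along with its own fixes every client at once, instead of installing the intermediate on each one.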