1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Facebook Integration Issues

Discussion in 'XenForo Questions and Support' started by CoZmicShReddeR, Apr 12, 2015.

  1. CoZmicShReddeR

    CoZmicShReddeR Active Member

    Issue:
    Error
    Your server could not connect to Facebook (https://graph.facebook.com). Try again later. If the issue persists, contact your host.

    Hello, I run my own dedicated Windows 2008 64-bit server and have a simple SSL crt installed not sure that's an issue why the Facebook Integration fails but I need some help as I have been searching for fixes and nothing works... I do not use the site on https by default I just have it running on my server for people who are forced to use only sites with https...

    I disabled my Firewall, Re-Created the Facebook App with Web as the App with my domain for Site URL http://www.cozworld.com/

    I at the point that I thinking XenForo needs an update for the Facebook Integration to work properly but I take it I am not alone with this issue??

    Anyways I have followed all the tutorials I can follow need something a bit more critical on this fix if anyone's willing to help...
     
  2. Mike

    Mike XenForo Developer Staff Member

  3. CoZmicShReddeR

    CoZmicShReddeR Active Member

    Maybe you can help me out a tiny bit...

    I am using latest version of XAMPP for Windows...
    https://www.apachefriends.org/index.html

    Includes: Apache 2.4.10, MySQL 5.6.21, PHP 5.6.3, phpMyAdmin 4.2.11, OpenSSL 1.0.1, XAMPP Control Panel 3.2.1, Webalizer 2.23-04, Mercury Mail Transport System 4.63, FileZilla FTP Server 0.9.41, Tomcat 7.0.56 (with mod_proxy_ajp as connector), Strawberry Perl 7.0.56 Portable

    PHP Info shows
    Untitled-1.png

    In my Vhost I have
    <VirtualHost *:80>
    ServerAdmin admin@cozworld.com
    DocumentRoot "G:/xampp/htdocs/cozworld/"
    ServerName cozworld.com
    ServerAlias www.cozworld.com cozworld.com
    ErrorLog "logs/cozworld-error.log"
    CustomLog "logs/cozworld-access.log" common
    </VirtualHost>
    <VirtualHost *:443>
    ServerAdmin admin@cozworld.com
    DocumentRoot "G:/xampp/htdocs/cozworld/"
    ServerName cozworld.com
    ServerAlias www.cozworld.com cozworld.com
    SSLEngine on
    SSLCertificateFile conf/ssl.crt/cozworld_com.crt
    SSLCertificateKeyFile conf/ssl.key/cozworld.key
    </VirtualHost>

    Now there is no openssl.cafile file anywhere I can see tried searching for it doesn't exist...

    I also received these from the SSL host but not using them have them in the cozworld_com.crt folder

    AddTrustExternalCARoot.crt
    COMODORSAAddTrustCA.crt
    COMODORSADomainValidationSecureServerCA.crt
     
  4. Mike

    Mike XenForo Developer Staff Member

    Can you create the following script:
    Code:
    <?php
    header('Content-type: text/plain');
    print_r(openssl_get_cert_locations());
    And put it somewhere web accessible as cert.php and access it. What does it print? You should see some file names/directories there -- do they exist?

    (I should note that I'm doing a bit of a stab in the dark that this is the error since we don't really expose the specific error here.)
     
  5. batpool52!

    batpool52! Well-Known Member

    XAMPP doesn't include the CA file by default from what I know so you'll require to get the CA file and and adjust openssl.ca_path or something like that to that ca file. Also if you're using the SSL you got in the email, don't you need to recomiple (I don't know better term for it) the crt file and then use it. Use this command
    Code:
    copy /b crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle > C:\my_sexy_forum_ssl.crt
    in cmd and run as Administrator. After that use new crt file my_sexy_forum_ssl.crt generated in C drive root.
     
  6. CoZmicShReddeR

    CoZmicShReddeR Active Member

    Code:
    Array
    (
        [default_cert_file] => c:/openssl-1.0.1i-win32/ssl/cert.pem
        [default_cert_file_env] => SSL_CERT_FILE
        [default_cert_dir] => c:/openssl-1.0.1i-win32/ssl/certs
        [default_cert_dir_env] => SSL_CERT_DIR
        [default_private_dir] => c:/openssl-1.0.1i-win32/ssl/private
        [default_default_cert_area] => c:/openssl-1.0.1i-win32/ssl
        [ini_cafile] =>
        [ini_capath] =>
    )
     
  7. CoZmicShReddeR

    CoZmicShReddeR Active Member

    I could use a little bit more info like your talking to a dummy who learns fast once he has it! ;)

    This is what they gave me in the email:

    Attached to this email you should find a .zip file containing:

    Root CA Certificate - AddTrustExternalCARoot.crt
    Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    Your PositiveSSL Certificate - cozworld_com.crt

    What your saying is I need to tell my Dedicated Windows Server this is where to look??
     
  8. batpool52!

    batpool52! Well-Known Member

    The Certificate you got in email is OK, but not ready for use. So you need to create a new certificate is accepted in global browsers aka valid for everyone. What is the web server are you using?

    What you need to tell your web server in your dedicated server is to use the new crt file that was created using the command I gave above
    and then restart your webserver and after that it should be fine.
     
  9. Mike

    Mike XenForo Developer Staff Member

    My theory about the SSL cert not being validated may be incorrect as I know of another XAMPP 5.6.3 install that had no issue. Unfortunately, we don't really give a great, detailed error here.

    Try this, in library/XenForo/Helper/Facebook.php, look for the code here and add the line in red:
    Code:
            catch (Zend_Http_Client_Exception $e)
            {
                XenForo_Error::logException($e, false);
                return false;
            }
    
    This should occur 3 times in the file so add the line to each. Try the FB integration test and then check the server error log. Is anything there?
     
  10. CoZmicShReddeR

    CoZmicShReddeR Active Member

    Code:
    Zend_Http_Client_Adapter_Exception: Unable to Connect to ssl://graph.facebook.com:443. Error #10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. - library\Zend\Http\Client\Adapter\Socket.php:235
    Generated By: CoZmicShReddeR, A moment ago
    Stack Trace
    #0 G:\xampp\htdocs\cozworld\library\Zend\Http\Client.php(973): Zend_Http_Client_Adapter_Socket->connect('graph.facebook....', 443, true)
    #1 G:\xampp\htdocs\cozworld\library\XenForo\Helper\Facebook.php(37): Zend_Http_Client->request('GET')
    #2 G:\xampp\htdocs\cozworld\library\XenForo\Helper\Facebook.php(75): XenForo_Helper_Facebook::getAccessToken('http://www.cozw...', 'AQB4D3CqogZNEeF...')
    #3 G:\xampp\htdocs\cozworld\library\XenForo\ControllerAdmin\Tools.php(221): XenForo_Helper_Facebook::getAccessTokenFromCode('AQB4D3CqogZNEeF...', 'http://www.cozw...')
    #4 G:\xampp\htdocs\cozworld\library\XenForo\FrontController.php(347): XenForo_ControllerAdmin_Tools->actionTestFacebook()
    #5 G:\xampp\htdocs\cozworld\library\XenForo\FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
    #6 G:\xampp\htdocs\cozworld\admin.php(13): XenForo_FrontController->run()
    #7 {main}
    Request State
    array(3) {
      ["url"] => string(442) "http://www.cozworld.com/admin.php?tools%2Ftest-facebook&x=%3F%2F%26%3D&y=2&code=AQB4D3CqogZNEeFyD3RSvlbPhG0aQZKOVMiapt2PPtdLREKRjnUi6o57UFNDYlyyqjBhdqhA2_5Ojxn6hqfW9O2o7ck6wBhDH4MrhVcooSw_Cq20xdl6M_FuLnBJTQOoRpCWHRjXm4MCuvBCU20j5hWdJ5pjhkyeophQ2MiRgSmw0WqJxT4XAitVcQDe3WAVJgJlrPmMqa4tj4rPEixwA4V-Vn3d0iGkIpuzoXumHftIwoVPloS3QSXUSyTkmE9s_ZQW9o8ASeifcCmCwaQ5PlqBtWL1YHlxk9PJGGqDg5YRqhIog6NGXpjH6FGKAgx9iQI&state=243ad555d629353e0335f28b6358a79b"
      ["_GET"] => array(5) {
        ["tools/test-facebook"] => string(0) ""
        ["x"] => string(4) "?/&="
        ["y"] => string(1) "2"
        ["code"] => string(323) "AQB4D3CqogZNEeFyD3RSvlbPhG0aQZKOVMiapt2PPtdLREKRjnUi6o57UFNDYlyyqjBhdqhA2_5Ojxn6hqfW9O2o7ck6wBhDH4MrhVcooSw_Cq20xdl6M_FuLnBJTQOoRpCWHRjXm4MCuvBCU20j5hWdJ5pjhkyeophQ2MiRgSmw0WqJxT4XAitVcQDe3WAVJgJlrPmMqa4tj4rPEixwA4V-Vn3d0iGkIpuzoXumHftIwoVPloS3QSXUSyTkmE9s_ZQW9o8ASeifcCmCwaQ5PlqBtWL1YHlxk9PJGGqDg5YRqhIog6NGXpjH6FGKAgx9iQI"
        ["state"] => string(32) "243ad555d629353e0335f28b6358a79b"
      }
      ["_POST"] => array(0) {
      }
    }
    
     
  11. CoZmicShReddeR

    CoZmicShReddeR Active Member

    I know your most likely wondering why I cannot piece it together but how exactly do I do it with this stuff??

    Root CA Certificate - AddTrustExternalCARoot.crt
    Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    Your PositiveSSL Certificate - cozworld_com.crt

    Like what goes here??? crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle

    copy /b crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle > C:\cozworld_com.crt
     
  12. batpool52!

    batpool52! Well-Known Member

    Code:
    copy /b cozworld_com.crt+ca-bundle.crt > C:\cozworld_new_com.crt
    Also I haven't seen you mentioning anything about ca-bundle, You haven't got that?
     
  13. Mike

    Mike XenForo Developer Staff Member

    This is actually a timeout error coming from WinSock itself. That would point to a networking issue or a firewall still being involved.
     
  14. CoZmicShReddeR

    CoZmicShReddeR Active Member

    Sorry took a break trying to fix this issue....

    I never received a bundle file only what I posted
     
  15. CoZmicShReddeR

    CoZmicShReddeR Active Member

    Hey Mike, I disabled my firewall didn't fix anything... I am running my website on my own personal Dedicated Windows 2008 R2 server at a Datacenter....

    I think batpool52! is on the right track obviously I can use https://www.cozworld.com I just cannot get the outbound to work...

    So if there is a way to change all the default setting of
    Code:
    Array
    (
        [default_cert_file] => c:/openssl-1.0.1i-win32/ssl/cert.pem
        [default_cert_file_env] => SSL_CERT_FILE
        [default_cert_dir] => c:/openssl-1.0.1i-win32/ssl/certs
        [default_cert_dir_env] => SSL_CERT_DIR
        [default_private_dir] => c:/openssl-1.0.1i-win32/ssl/private
        [default_default_cert_area] => c:/openssl-1.0.1i-win32/ssl
        [ini_cafile] =>
        [ini_capath] =>
    )
    I am not sure but I think all of that stuff was embedded when I downloaded easy or simple ssl?? Not sure if those settings are being directed from XAMPP it self or if it's coded into a Windows file? I did do a search of my server didn't turn up anything so am thinking it's in the Registry?

    I am in no rush to fix so please understand I might drift in and out of talking about this but I have been trying to fix it with all your suggestions!!

    :)
     
  16. batpool52!

    batpool52! Well-Known Member

  17. CoZmicShReddeR

    CoZmicShReddeR Active Member

    Ok seems it took me a good long while to finally fix an issue that has plagued me for a long time...

    I am sure this will help countless other Windows users and Windows Dedicated Server users fix this issue and please include something for xenForo from this as a way to help others fix Facebook connect error. It also helped fix the Google connection so please include it for that as well...

    Code:
    Error
    Your server could not connect to Facebook (https://graph.facebook.com). Try again later. If the issue persists, contact your host.
    On my Windows 2008 Dedicated server I had already disabled IPV6 from the Network Chips/Cards a long time ago and I thought it was not an issue but there were still unseen components running in the background using it somewhere through the Registry which for whatever reason was ruining the outbound connection for https connections to Facebook and Google Https Authentication!

    I used the Windows fix "Disable IPv6"
    https://support.microsoft.com/en-us/kb/929852

    But you can edit the registry yourself... You have to reboot your sever in order for this to work successfully!
     
  18. batpool52!

    batpool52! Well-Known Member

    For those who don't like going to Registry Editor (me), here is the command line which will disable IPv6 for you. Open Command Prompt as Administrator (root) and copy > paste > {ENTER}
    Code:
    reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 000000ff /f
     
    CoZmicShReddeR likes this.

Share This Page