XF 1.4 Facebook Integration Issues

[CoZmicShReddeR]

Issue:
Error
Your server could not connect to Facebook (https://graph.facebook.com). Try again later. If the issue persists, contact your host.

Hello, I run my own dedicated Windows 2008 64-bit server and have a simple SSL crt installed not sure that's an issue why the Facebook Integration fails but I need some help as I have been searching for fixes and nothing works... I do not use the site on https by default I just have it running on my server for people who are forced to use only sites with https...

I disabled my Firewall, Re-Created the Facebook App with Web as the App with my domain for Site URL http://www.cozworld.com/

I at the point that I thinking XenForo needs an update for the Facebook Integration to work properly but I take it I am not alone with this issue??

Anyways I have followed all the tutorials I can follow need something a bit more critical on this fix if anyone's willing to help...

 

[Mike]

Are you running PHP 5.6? Is the necessary certificate bundle in place? (The openssl.capath / openssl.cafile values in your php.ini: http://php.net/manual/en/migration56.openssl.php)

 

[CoZmicShReddeR]

Maybe you can help me out a tiny bit...

I am using latest version of XAMPP for Windows...
https://www.apachefriends.org/index.html

Includes: Apache 2.4.10, MySQL 5.6.21, PHP 5.6.3, phpMyAdmin 4.2.11, OpenSSL 1.0.1, XAMPP Control Panel 3.2.1, Webalizer 2.23-04, Mercury Mail Transport System 4.63, FileZilla FTP Server 0.9.41, Tomcat 7.0.56 (with mod_proxy_ajp as connector), Strawberry Perl 7.0.56 Portable

PHP Info shows


In my Vhost I have
<VirtualHost *:80>
ServerAdmin admin@cozworld.com
DocumentRoot "G:/xampp/htdocs/cozworld/"
ServerName cozworld.com
ServerAlias www.cozworld.com cozworld.com
ErrorLog "logs/cozworld-error.log"
CustomLog "logs/cozworld-access.log" common
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@cozworld.com
DocumentRoot "G:/xampp/htdocs/cozworld/"
ServerName cozworld.com
ServerAlias www.cozworld.com cozworld.com
SSLEngine on
SSLCertificateFile conf/ssl.crt/cozworld_com.crt
SSLCertificateKeyFile conf/ssl.key/cozworld.key
</VirtualHost>

Now there is no openssl.cafile file anywhere I can see tried searching for it doesn't exist...

I also received these from the SSL host but not using them have them in the cozworld_com.crt folder

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt

 

[Mike]

Can you create the following script:

<?php
header('Content-type: text/plain');
print_r(openssl_get_cert_locations());

And put it somewhere web accessible as cert.php and access it. What does it print? You should see some file names/directories there -- do they exist?

(I should note that I'm doing a bit of a stab in the dark that this is the error since we don't really expose the specific error here.)

 

[TickTackk]

XAMPP doesn't include the CA file by default from what I know so you'll require to get the CA file and and adjust openssl.ca_path or something like that to that ca file. Also if you're using the SSL you got in the email, don't you need to recomiple (I don't know better term for it) the crt file and then use it. Use this command

copy /b crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle > C:\my_sexy_forum_ssl.crt

in cmd and run as Administrator. After that use new crt file my_sexy_forum_ssl.crt generated in C drive root.

 

[CoZmicShReddeR]

Can you create the following script:

<?php
header('Content-type: text/plain');
print_r(openssl_get_cert_locations());

And put it somewhere web accessible as cert.php and access it. What does it print? You should see some file names/directories there -- do they exist?

(I should note that I'm doing a bit of a stab in the dark that this is the error since we don't really expose the specific error here.)

Array
(
    [default_cert_file] => c:/openssl-1.0.1i-win32/ssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => c:/openssl-1.0.1i-win32/ssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => c:/openssl-1.0.1i-win32/ssl/private
    [default_default_cert_area] => c:/openssl-1.0.1i-win32/ssl
    [ini_cafile] =>
    [ini_capath] =>
)

 

[CoZmicShReddeR]

XAMPP doesn't include the CA file by default from what I know so you'll require to get the CA file and and adjust openssl.ca_path or something like that to that ca file. Also if you're using the SSL you got in the email, don't you need to recomiple (I don't know better term for it) the crt file and then use it. Use this command

copy /b crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle > C:\my_sexy_forum_ssl.crt

in cmd and run as Administrator. After that use new crt file my_sexy_forum_ssl.crt generated in C drive root.

I could use a little bit more info like your talking to a dummy who learns fast once he has it!

This is what they gave me in the email:

Attached to this email you should find a .zip file containing:

Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate - cozworld_com.crt

What your saying is I need to tell my Dedicated Windows Server this is where to look??

 

[TickTackk]

The Certificate you got in email is OK, but not ready for use. So you need to create a new certificate is accepted in global browsers aka valid for everyone. What is the web server are you using?

What your saying is I need to tell my Dedicated Windows Server this is where to look??

What you need to tell your web server in your dedicated server is to use the new crt file that was created using the command I gave above

copy /b crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle > C:\my_sexy_forum_ssl.crt

and then restart your webserver and after that it should be fine.

 

[Mike]

My theory about the SSL cert not being validated may be incorrect as I know of another XAMPP 5.6.3 install that had no issue. Unfortunately, we don't really give a great, detailed error here.

Try this, in library/XenForo/Helper/Facebook.php, look for the code here and add the line in red:

        catch (Zend_Http_Client_Exception $e)
        {
            XenForo_Error::logException($e, false);
            return false;
        }

This should occur 3 times in the file so add the line to each. Try the FB integration test and then check the server error log. Is anything there?

 

[CoZmicShReddeR]

Zend_Http_Client_Adapter_Exception: Unable to Connect to ssl://graph.facebook.com:443. Error #10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. - library\Zend\Http\Client\Adapter\Socket.php:235
Generated By: CoZmicShReddeR, A moment ago
Stack Trace
#0 G:\xampp\htdocs\cozworld\library\Zend\Http\Client.php(973): Zend_Http_Client_Adapter_Socket->connect('graph.facebook....', 443, true)
#1 G:\xampp\htdocs\cozworld\library\XenForo\Helper\Facebook.php(37): Zend_Http_Client->request('GET')
#2 G:\xampp\htdocs\cozworld\library\XenForo\Helper\Facebook.php(75): XenForo_Helper_Facebook::getAccessToken('http://www.cozw...', 'AQB4D3CqogZNEeF...')
#3 G:\xampp\htdocs\cozworld\library\XenForo\ControllerAdmin\Tools.php(221): XenForo_Helper_Facebook::getAccessTokenFromCode('AQB4D3CqogZNEeF...', 'http://www.cozw...')
#4 G:\xampp\htdocs\cozworld\library\XenForo\FrontController.php(347): XenForo_ControllerAdmin_Tools->actionTestFacebook()
#5 G:\xampp\htdocs\cozworld\library\XenForo\FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#6 G:\xampp\htdocs\cozworld\admin.php(13): XenForo_FrontController->run()
#7 {main}
Request State
array(3) {
  ["url"] => string(442) "http://www.cozworld.com/admin.php?tools%2Ftest-facebook&x=%3F%2F%26%3D&y=2&code=AQB4D3CqogZNEeFyD3RSvlbPhG0aQZKOVMiapt2PPtdLREKRjnUi6o57UFNDYlyyqjBhdqhA2_5Ojxn6hqfW9O2o7ck6wBhDH4MrhVcooSw_Cq20xdl6M_FuLnBJTQOoRpCWHRjXm4MCuvBCU20j5hWdJ5pjhkyeophQ2MiRgSmw0WqJxT4XAitVcQDe3WAVJgJlrPmMqa4tj4rPEixwA4V-Vn3d0iGkIpuzoXumHftIwoVPloS3QSXUSyTkmE9s_ZQW9o8ASeifcCmCwaQ5PlqBtWL1YHlxk9PJGGqDg5YRqhIog6NGXpjH6FGKAgx9iQI&state=243ad555d629353e0335f28b6358a79b"
  ["_GET"] => array(5) {
    ["tools/test-facebook"] => string(0) ""
    ["x"] => string(4) "?/&="
    ["y"] => string(1) "2"
    ["code"] => string(323) "AQB4D3CqogZNEeFyD3RSvlbPhG0aQZKOVMiapt2PPtdLREKRjnUi6o57UFNDYlyyqjBhdqhA2_5Ojxn6hqfW9O2o7ck6wBhDH4MrhVcooSw_Cq20xdl6M_FuLnBJTQOoRpCWHRjXm4MCuvBCU20j5hWdJ5pjhkyeophQ2MiRgSmw0WqJxT4XAitVcQDe3WAVJgJlrPmMqa4tj4rPEixwA4V-Vn3d0iGkIpuzoXumHftIwoVPloS3QSXUSyTkmE9s_ZQW9o8ASeifcCmCwaQ5PlqBtWL1YHlxk9PJGGqDg5YRqhIog6NGXpjH6FGKAgx9iQI"
    ["state"] => string(32) "243ad555d629353e0335f28b6358a79b"
  }
  ["_POST"] => array(0) {
  }
}

 

[CoZmicShReddeR]

The Certificate you got in email is OK, but not ready for use. So you need to create a new certificate is accepted in global browsers aka valid for everyone. What is the web server are you using?


What you need to tell your web server in your dedicated server is to use the new crt file that was created using the command I gave above

and then restart your webserver and after that it should be fine.

I know your most likely wondering why I cannot piece it together but how exactly do I do it with this stuff??

Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
Your PositiveSSL Certificate - cozworld_com.crt

Like what goes here??? crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle

copy /b crt_file_i_got_in_email.crt+ca_bundle_file_i_got_in_email.ca-bundle > C:\cozworld_com.crt

 

[TickTackk]

copy /b cozworld_com.crt+ca-bundle.crt > C:\cozworld_new_com.crt

Also I haven't seen you mentioning anything about ca-bundle, You haven't got that?

 

[Mike]

Zend_Http_Client_Adapter_Exception: Unable to Connect to ssl://graph.facebook.com:443. Error #10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. - library\Zend\Http\Client\Adapter\Socket.php:235

This is actually a timeout error coming from WinSock itself. That would point to a networking issue or a firewall still being involved.

 

[CoZmicShReddeR]

copy /b cozworld_com.crt+ca-bundle.crt > C:\cozworld_new_com.crt

Also I haven't seen you mentioning anything about ca-bundle, You haven't got that?

Sorry took a break trying to fix this issue....

I never received a bundle file only what I posted

 

[CoZmicShReddeR]

This is actually a timeout error coming from WinSock itself. That would point to a networking issue or a firewall still being involved.

Hey Mike, I disabled my firewall didn't fix anything... I am running my website on my own personal Dedicated Windows 2008 R2 server at a Datacenter....

I think batpool52! is on the right track obviously I can use https://www.cozworld.com I just cannot get the outbound to work...

So if there is a way to change all the default setting of

Array
(
    [default_cert_file] => c:/openssl-1.0.1i-win32/ssl/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => c:/openssl-1.0.1i-win32/ssl/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => c:/openssl-1.0.1i-win32/ssl/private
    [default_default_cert_area] => c:/openssl-1.0.1i-win32/ssl
    [ini_cafile] =>
    [ini_capath] =>
)

I am not sure but I think all of that stuff was embedded when I downloaded easy or simple ssl?? Not sure if those settings are being directed from XAMPP it self or if it's coded into a Windows file? I did do a search of my server didn't turn up anything so am thinking it's in the Registry?

I am in no rush to fix so please understand I might drift in and out of talking about this but I have been trying to fix it with all your suggestions!!

 

[TickTackk]

@CoZmicShReddeR You can download the bundle file from GitHub @ https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt

 

[CoZmicShReddeR]

Ok seems it took me a good long while to finally fix an issue that has plagued me for a long time...

I am sure this will help countless other Windows users and Windows Dedicated Server users fix this issue and please include something for xenForo from this as a way to help others fix Facebook connect error. It also helped fix the Google connection so please include it for that as well...

Error
Your server could not connect to Facebook (https://graph.facebook.com). Try again later. If the issue persists, contact your host.

On my Windows 2008 Dedicated server I had already disabled IPV6 from the Network Chips/Cards a long time ago and I thought it was not an issue but there were still unseen components running in the background using it somewhere through the Registry which for whatever reason was ruining the outbound connection for https connections to Facebook and Google Https Authentication!

I used the Windows fix "Disable IPv6"
https://support.microsoft.com/en-us/kb/929852

But you can edit the registry yourself... You have to reboot your sever in order for this to work successfully!

 

[TickTackk]

For those who don't like going to Registry Editor (me), here is the command line which will disable IPv6 for you. Open Command Prompt as Administrator (root) and copy > paste > {ENTER}

reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 000000ff /f