cPanel WooCommerce wp_remote_post() failed. PayPal IPN won’t work with your server. Error: Unsupported SSL protocol version

UPDATE: Note, Curl 7.49 causes problems with WooCommerce. Such as Updates not working and showing a 404 page. If you turn Debug on in wp-config.php the 404 doesn’t happen, but you get errors such as:-

  • Notice: Undefined offset: 3 class-wc-session-handler.php on line
  • Notice: Undefined index: wp_the_query

Tried 7.36 and it seems to work as of 2015.

Hi Everyone,

if you’ve landed on this page, it’s because your Woocommerce Store is hosted on a cPanel server which needs a newer version of OpenSSL. And you’re seeing this inside the Woocommerce Status page and possibly your Paypal IPN notifications are failing.

wp_remote_post() failed. PayPal IPN won’t work with your server. Contact your hosting provider. Error: Unsupported SSL protocol version

Your host might say that they are running the latest version, or disagree with you about which version is actually running.

OpenSSL is installed on Centos and it’s also bunbled with PHP. So the server can have different versions.

The server admin needs to run this as the user to see which version of PHP they have selected and which OpenSSL library they are running.

# php -i | grep "SSL Version"
Zend OPcache requires Zend Engine API version 220121212.
The Zend Engine API version 220131226 which is installed, is newer.
Contact Zend Technologies at http://www.zend.com/ for a later version of Zend OPcache.
SSL Version => OpenSSL/1.0.0
# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

As you can see, there are definitely different versions running, and PHP is not using the one Woocommerce needs.

If you’re running a really old version, you can try this, but it will only update the System OpenSSL.

# /scripts/yum_update_openssl
Loaded plugins: fastestmirror, tsflags
Setting up Update Process
Loading mirror speeds from cached hostfile
* EA4: 85.13.201.2
* base: centos.crazyfrogs.org
* epel: epel.mirrors.ovh.net
* extras: centos.crazyfrogs.org
* ius: mirrors.ircam.fr
* updates: fr.mirror.babylon.network
No Packages marked for Update

There were no updates available for my server running WHM 56.0.

Time to custom compile a solution for Easy Apache that will survive updates.

Lets download, compile and install the latest Stable OpenSSL, you can find it in Github.

cd /usr/local/src/; wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable.zip
unzip OpenSSL_1_0_2-stable.zip -d OpenSSL_1_0_2-stable; cd OpenSSL_1_0_2-stable; cd openssl-OpenSSL_1_0_2-stable/
make depend
make
make install
openssl version

This will install openssl to /usr/local/ssl.
Next, we need to compile Curl SSL. First thing is to remove the current version.

rm -rf /opt/curlssl
wget https://curl.haxx.se/download/curl-7.49.1.tar.gz
tar -zxf curl-7.49.1.tar.gz
cd curl-7.49.1
dir
./configure   --prefix=/opt/curlssl   --with-ssl=/usr/local/ssl   --enable-http   --enable-ftp   LDFLAGS=-L/usr/local/ssl/lib   CPPFLAGS=-I/usr/local/ssl/include
make
make install

Now we need to reconfigure Easy Apache. Press return when EOF comes up.

cd /var/cpanel/easy/apache/rawopts
touch all_php5
cat > all_php5 <<EOF
--enable-ssl
--with-ssl=/usr/local/ssl
--with-curl=/opt/curlssl
LDFLAGS=-L/usr/local/ssl/lib
CPPFLAGS=-I/usr/local/ssl/include
EOF

Now the Apache file, press return when EOF comes up.

touch Apache2_4
cat > Apache2_4 <<EOF
--with-ssl=/usr/local/ssl
LDFLAGS=-L/usr/local/ssl/lib
CPPFLAGS=-I/usr/local/ssl/include
EOF