We have a few sites running off of Magento 1.9 on a dedicated server. Each site uses the eBizmarts Sage Payments extension for US & Canada. The extension is up to day with the most current version eBizmarts offers.
We have been using the extension for years, with no issues. Starting last week (now 6 days ago) we have been receiving an error any time someone attempts to checkout with a credit card via the eBizmarts Sage Payments extension. This error shows up shortly after clicking the Place Order Now button on the checkout page:
Communication error: your server is not capable to communicate with Sage Payment Solutions server
I got in touch with ebizmarts immediately after discovering this issue. There have been a few emails back and forth, but pretty much nothing has been done and there has been very little help from them. (we do have an active support package with them) I'm still communicating with them, but it's going very slow, I'm reaching out to a few areas in hopes I can find a fix more quickly. We have lost thousands of dollars from not being able to transact with credit cards. We can still accept paypal.
I have also talked to Sage. Our site never has the chance to communicate with Sage. It does not get that far. So Sage has no error codes or anything to work off of on their end. I have talked to two of their support staff and have a ticket open. But they seem stumped.
I have spent the most time, and recieved the most assistance, from our hosting provider. They have had a few techs look at things. I was able to pull out an error code from the system log file. The error code is:
2017-08-14T02:07:47+00:00 ERR (3): Warning: SoapClient:oapClient(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086SL routines:ssl3_get_server_certificate:certificate verify failed in /home/XXXXXXX/public_html/app/code/local/Ebizmarts/SagePaymentsPro/Model/Api/Sage.php on line 391
2017-08-14T02:07:47+00:00 ERR (3): Warning: SoapClient:oapClient(): Failed to enable crypto in /home/XXXXXXX/public_html/app/code/local/Ebizmarts/SagePaymentsPro/Model/Api/Sage.php on line 391
2017-08-14T02:07:47+00:00 ERR (3): Warning: SoapClient:oapClient(https://www.sagepayments.net/web_services/vterm_extensions/transaction_processing.asmx?WSDL): failed to open stream: operation failed in /home/XXXXXXX/public_html/app/code/local/Ebizmarts/SagePaymentsPro/Model/Api/Sage.php on line 391
2017-08-14T02:07:47+00:00 ERR (3): Warning: SoapClient:oapClient(): I/O warning : failed to load external entity "https://www.sagepayments.net/web_services/vterm_extensions/transaction_processing.asmx?WSDL" in /home/XXXXXXX/public_html/app/code/local/Ebizmarts/SagePaymentsPro/Model/Api/Sage.php on line 391
This issues SEEMS to have started after an automated nightly server upgrade. It is a cPanel server that is setup to automaticly keep up to date with security patches, new php extension versions, etc. The file modification dates for curl and some other areas show a last modified date of the first day we could not receive orders. This info has been provided to eBizmarts, Sage and our hosting provider.
Through some investigation in seems like the issue my be related to openssl or curl and certificate verifcations. I have verified that our websites SSL certificate were not modified recently. Since the SSL certs was up for renewal shortly, I even opted to renew early and install fresh geotrust ssl certificates, which are now running error free and verified installed correctly.
One of the things that seemed to pop up with the error while investigating was to set CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0, to disable them. I located the file in the eBizmart extension where these variables were and set them to 0, to disable the certificate check. The checkout error did not go away. (yes, i rebuilt magento cache)
My hosting provider did set one of the sites to use php 5.5, vs the server wide php 5.6, and amazingly the Sage extension works there. Unfortunately our bigger and more important sites have several customizations that broke when I attempted to run them on php 5.5. So that is not a fix. I also don't like the idea of running such and old php version. The 5.6 version that we are running, is 5.6.31. I've talked to the hosting provider about stepping back to an order version of php 5.6, but they are saying its a large undertaking and they want to try and avoid doing that.
I'm running out of ideas and my bosses are "not too happy" that we have been unable to take credit cards for nearly a week. I'm HOPING someone here may have some insight.
Thanks in advance to anyone that may be able to provide some insight!
It is most likely you have lost a function or protocol that you needed before to talk to the Sage server.
They (Sage) should be able to tell you what protocols they support and cPanel should be able to tell you what changed in the most recent update but I am going to guess you've hardened your system and now it cannot talk to some hosts that don't fully support something you're now requiring during the SSL conversation between hosts when you make a payment call.
From what I can see the Sage server endpoint supports only TLS and the latest ciphers as they'll need to meet PCIDSS.
Can you get your hosting company to confirm what's changed at all?
There were changes to PHP that altered how it worked with hosts and verification of the SSL certificate. If you've updated to the newest version may be why it cannot talk anymore?
You really need to see what the last updated changed version to version that you use and work back from there.
I really appreciate the input!
My hosting provider has been unable to pinpoint the exact changes there were made in the update. This does not appear to be something that cPanel does.
I will look into the TLS and ciphers requirements. Evey little bit of help at this point is TRULY appreicated! lol
We will need server access with magento back end access too