Making WordPress.org

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#3383 closed defect (bug) (fixed)

https://downloads.wordpress.org is not working

Reported by: evs38's profile evs38 Owned by: barry's profile barry
Milestone: Priority: high
Component: SSL Keywords:
Cc:

Description

I recevie the following errors:

Download error. cURL error 56: Recv failure: Connection reset by peer

or

Download error. cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443

while doing update or installing plugin.

Attachments (1)

becd1d34dc.jpg (342.6 KB) - added by evs38 7 years ago.

Download all attachments as: .zip

Change History (12)

@evs38
7 years ago

#1 follow-up: @dd32
7 years ago

  • Component changed from General to SSL

Hey @evs38 and welcome to Trac.

Would you be able to provide some extra information about your hosting platform?
Specifically, the PHP version, cURL version, and OpenSSL version as reported by your host? (You can get that from most host control panels, or through a plugin such as https://wordpress.org/plugins/health-check/)

The cURL Errors appear to indicate that your server is having difficulties communicating with WordPress.org, that could be caused by software or network issues, but it's more likely network issues I believe.

Do you have Shell (SSH) access to the host? or just WordPress?

If you have shell access, the output of the following commands would be helpful to us to diagnose the issues.

  • traceroute wordpress.org, traceroute api.wordpress.org, traceroute downloads.wordpress.org
  • curl -vv https://wordpress.org, curl -vv api.wordpress.org, curl -vv https://downloads.wordpress.org
  • tcptraceroute wordpress.org 443, tcptraceroute api.wordpress.org 443, tcptraceroute downloads.wordpress.org 443 (You may not have this installed on the server, or it may require privledges you do not have)

If you don't have Shell access, you can provide your host with this Trac ticket and they should be able to provide us with the details. It's likely that this is affecting multiple customers of theirs, so it'll be in their interest to help get it sorted out.

Version 1, edited 7 years ago by dd32 (previous) (next) (diff)

#2 in reply to: ↑ 1 @evs38
7 years ago

Yes, looks like it is downloads.wordpress.org server side issue: the connection to port 443 can be fully estabilished approximately once from 10 times. The rest of the time, the server immediately resets the connection to 443 port.

PHP 5.6.31 (cli) (built: Sep 19 2017 12:08:26)

curl 7.55.1 (x86_64-redhat-linux-gnu) libcurl/7.57.0 OpenSSL/1.0.1e zlib/1.2.3 c-ares/1.13.0 libssh2/1.8.0 nghttp2/1.6.0

OpenSSL 1.0.1e-fips 11 Feb 2013

curl -vv https://wordpress.org
* Rebuilt URL to: https://wordpress.org/
*   Trying 66.155.40.249...
* TCP_NODELAY set
* Connected to wordpress.org (66.155.40.249) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP2 (h2)
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*  subject: OU=Domain Control Validated; CN=*.wordpress.org
*  start date: Nov  6 17:42:01 2017 GMT
*  expire date: Dec 15 20:11:21 2020 GMT
*  subjectAltName: host "wordpress.org" matched cert's "wordpress.org"
*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x2223350)
> GET / HTTP/2
> Host: wordpress.org
> User-Agent: curl/7.55.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< server: nginx
< date: Wed, 17 Jan 2018 01:42:00 GMT
< content-type: text/html; charset=utf-8
< vary: Accept-Encoding
< strict-transport-security: max-age=360
< x-olaf: 
< x-frame-options: SAMEORIGIN
< x-nc: HIT lax 249
curl -vv https://api.wordpress.org
* Rebuilt URL to: https://api.wordpress.org/
*   Trying 198.143.164.251...
* TCP_NODELAY set
* Connected to api.wordpress.org (198.143.164.251) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.wordpress.org:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.wordpress.org:443
curl -vv https://downloads.wordpress.org
* Rebuilt URL to: https://downloads.wordpress.org/
*   Trying 198.143.164.250...
* TCP_NODELAY set
* Connected to downloads.wordpress.org (198.143.164.250) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443
traceroute -T -p 443 wordpress.org
traceroute to wordpress.org (66.155.40.249), 30 hops max, 60 byte packets
 1  hsrp.46-30-41-0-24.eurobyte.ru (46.30.41.2)  1.566 ms  0.207 ms  0.209 ms
 2  5-1-5.ear4.Amsterdam1.Level3.net (212.72.41.101)  1.657 ms 5-1-9.ear4.Amsterdam1.Level3.net (212.72.41.109)  1.417 ms 5-1-2.ear4.Amsterdam1.Level3.net (212.72.41.113)  1.197 ms
 3  * * *
 4  4.7.29.138 (4.7.29.138)  158.793 ms  158.796 ms  158.883 ms
 5  66.155.40.249 (66.155.40.249)  158.831 ms  158.757 ms  158.855 ms
traceroute -T -p 443 api.wordpress.org
traceroute to api.wordpress.org (198.143.164.251), 30 hops max, 60 byte packets
 1  hsrp.46-30-41-0-24.eurobyte.ru (46.30.41.2)  0.194 ms  0.186 ms  0.181 ms
 2  te0-0-0-20.rcr21.ams06.atlas.cogentco.com (149.6.1.21)  1.461 ms te0-2-0-0.rcr21.ams06.atlas.cogentco.com (149.14.92.21)  1.497 ms te0-4-0-34.rcr21.ams06.atlas.cogentco.com (149.6.1.33)  1.448 ms
 3  be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49)  1.316 ms be3433.ccr41.ams03.atlas.cogentco.com (154.54.58.201)  1.225 ms  1.178 ms
 4  be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  1.237 ms be2440.agr21.ams03.atlas.cogentco.com (130.117.50.6)  1.179 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  1.553 ms
 5  130.117.14.102 (130.117.14.102)  1.236 ms  1.260 ms  1.196 ms
 6  adm-bb3-link.telia.net (62.115.141.62)  99.124 ms adm-bb4-link.telia.net (62.115.141.38)  97.657 ms adm-bb4-link.telia.net (62.115.141.34)  97.729 ms
 7  ldn-bb2-link.telia.net (62.115.134.27)  97.226 ms ldn-bb2-link.telia.net (213.155.136.78)  123.990 ms ldn-bb3-link.telia.net (213.155.136.98)  99.177 ms
 8  nyk-bb3-link.telia.net (62.115.135.94)  77.554 ms  77.552 ms  77.607 ms
 9  nyk-bb4-link.telia.net (62.115.136.185)  97.341 ms  97.432 ms chi-b21-link.telia.net (80.91.246.162)  99.279 ms
10  chi-b21-link.telia.net (62.115.137.59)  97.748 ms  97.781 ms serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247)  98.877 ms
11  serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247)  97.086 ms agg-gegf150.ord03.singlehop.net (108.178.47.245)  98.628 ms dr6506a.ord03.singlehop.net (108.178.47.247)  98.445 ms
12  api.wordpress.org (198.143.164.251)  98.498 ms  98.483 ms  98.516 ms
traceroute -T -p 443 downloads.wordpress.org
traceroute to downloads.wordpress.org (198.143.164.250), 30 hops max, 60 byte packets
 1  hsrp.46-30-41-0-24.eurobyte.ru (46.30.41.2)  2.267 ms  2.256 ms  2.250 ms
 2  te0-4-0-8.rcr21.ams06.atlas.cogentco.com (149.6.1.17)  1.625 ms  1.671 ms te0-4-0-10.rcr21.ams06.atlas.cogentco.com (149.6.1.49)  1.692 ms
 3  be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49)  1.126 ms be3433.ccr41.ams03.atlas.cogentco.com (154.54.58.201)  1.157 ms be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49)  1.480 ms
 4  be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  1.558 ms be2440.agr21.ams03.atlas.cogentco.com (130.117.50.6)  1.473 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  1.469 ms
 5  130.117.14.102 (130.117.14.102)  1.288 ms  1.278 ms  1.273 ms
 6  adm-bb4-link.telia.net (213.155.137.186)  97.285 ms adm-bb3-link.telia.net (62.115.112.122)  99.299 ms adm-bb4-link.telia.net (62.115.118.146)  97.567 ms
 7  ldn-bb2-link.telia.net (213.155.136.78)  97.427 ms ldn-bb3-link.telia.net (213.155.136.98)  99.586 ms  99.801 ms
 8  nyk-bb3-link.telia.net (62.115.135.94)  77.546 ms ldn-bb4-link.telia.net (62.115.136.192)  99.654 ms nyk-bb3-link.telia.net (62.115.135.94)  77.541 ms
 9  chi-b21-link.telia.net (80.91.246.162)  103.306 ms  99.564 ms nyk-bb4-link.telia.net (62.115.136.185)  97.327 ms
10  chi-b21-link.telia.net (62.115.137.59)  97.638 ms  97.561 ms serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247)  99.017 ms
11  serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247)  97.243 ms  97.286 ms dr6506a.ord03.singlehop.net (108.178.47.247)  98.613 ms
12  dr6506a.ord03.singlehop.net (108.178.47.247)  96.793 ms  96.810 ms downloads.wordpress.org (198.143.164.250)  98.712 ms

Just telnet test:

telnet downloads.wordpress.org 443
Trying 198.143.164.250...
Connected to downloads.wordpress.org.
Escape character is '^]'.
Connection closed by foreign host.

Or curl:

[root@h ~]# curl https://downloads.wordpress.org
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

[root@h ~]# curl https://downloads.wordpress.org
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443

[root@h ~]# curl https://downloads.wordpress.org
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

[root@h ~]# curl https://downloads.wordpress.org
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443

[root@h ~]# curl https://downloads.wordpress.org
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443

[root@h ~]# curl https://downloads.wordpress.org
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Last edited 7 years ago by evs38 (previous) (diff)

#3 @dd32
7 years ago

Thanks for the extra details @evs38!

I'll follow up with systems with the details and we'll be in touch if we need anything extra.

#4 @barry
7 years ago

  • Owner set to barry
  • Status changed from new to accepted

Hi @evs38 - could you ping me on WordPress Slack to do some real-time troubleshooting? Slack username @barry. Thanks!

#5 @barry
7 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

Thanks for the ping and the additional information. We suspect some routing issues in a newly deployed data center for WordPress.org. For now, we have reverted back to the old data center while we troubleshoot and resolve the issue.

#6 follow-up: @jhnpldng
7 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

@barry
I'm still getting the same error messages. Multiple sites, two different versions of wp. My hosting company has gotten so many complaints, they put an announcement up on their site.

#7 in reply to: ↑ 6 ; follow-up: @barry
7 years ago

Replying to jhnpldng:

@barry
I'm still getting the same error messages. Multiple sites, two different versions of wp. My hosting company has gotten so many complaints, they put an announcement up on their site.

We reverted these changes after trying to replicate the issue for many days from many hundreds of different servers, including the ones in the original reports. If it's happening again we will need data from the specific servers affected in order to figure it out because all of the ones we have access to don't exhibit the problem.

If you have SSH access to the server where your site is hosted could you ping me on WordPress.org Slack to troubleshoot? If not, could you ask your hosting company to contact me directly? barry [at] automattic.com or @barry on Slack.

#8 in reply to: ↑ 7 @jhnpldng
7 years ago

Replying to barry:

Replying to jhnpldng:

@barry

If you have SSH access to the server where your site is hosted could you ping me on WordPress.org Slack to troubleshoot? If not, could you ask your hosting company to contact me directly? barry [at] automattic.com or @barry on Slack.

I had them run the tracerout/curl commands from post #1 above. I don't know if there's anything in the results that shouldn't be shown to the public here so I'm emailing it to you.

wordpress_information.txt from jhnpldng01 [at] aim.com

#9 @jhnpldng
7 years ago

@barry
Just joined slack, uploaded file/snippet and shared with you on slack.

#10 @barry
7 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Thanks for all of the info. We narrowed down the problem to a likely software bug on the networking devices and are working with our provider and the hardware vendor to get it resolved . In the mean time we found a workaround for the problem and have implemented it so there shouldn't be any more connectivity issues to downloads.wordpress.org or api.wordpress.org

We also now have a way to replicate the problem, so I'm going to mark this ticket as resolved since the issue shouldn't be happening anymore. We'll be sure to retest before undoing the workaround at a future date.

#11 @jhnpldng
7 years ago

Working good for me now. Thanks

Note: See TracTickets for help on using tickets.