#3383 closed defect (bug) (fixed)
https://downloads.wordpress.org is not working
Reported by: | evs38 | Owned by: | barry |
---|---|---|---|
Milestone: | Priority: | high | |
Component: | SSL | Keywords: | |
Cc: |
Description
I recevie the following errors:
Download error. cURL error 56: Recv failure: Connection reset by peer
or
Download error. cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443
while doing update or installing plugin.
Attachments (1)
Change History (12)
#2
in reply to:
↑ 1
@
7 years ago
Yes, looks like it is downloads.wordpress.org server side issue: the connection to port 443 can be fully estabilished approximately once from 10 times. The rest of the time, the server immediately resets the connection to 443 port.
PHP 5.6.31 (cli) (built: Sep 19 2017 12:08:26)
curl 7.55.1 (x86_64-redhat-linux-gnu) libcurl/7.57.0 OpenSSL/1.0.1e zlib/1.2.3 c-ares/1.13.0 libssh2/1.8.0 nghttp2/1.6.0
OpenSSL 1.0.1e-fips 11 Feb 2013
curl -vv https://wordpress.org * Rebuilt URL to: https://wordpress.org/ * Trying 66.155.40.249... * TCP_NODELAY set * Connected to wordpress.org (66.155.40.249) port 443 (#0) * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * NPN, negotiated HTTP2 (h2) * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Unknown (67): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * Server certificate: * subject: OU=Domain Control Validated; CN=*.wordpress.org * start date: Nov 6 17:42:01 2017 GMT * expire date: Dec 15 20:11:21 2020 GMT * subjectAltName: host "wordpress.org" matched cert's "wordpress.org" * issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x2223350) > GET / HTTP/2 > Host: wordpress.org > User-Agent: curl/7.55.1 > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS updated)! < HTTP/2 200 < server: nginx < date: Wed, 17 Jan 2018 01:42:00 GMT < content-type: text/html; charset=utf-8 < vary: Accept-Encoding < strict-transport-security: max-age=360 < x-olaf: < x-frame-options: SAMEORIGIN < x-nc: HIT lax 249
curl -vv https://api.wordpress.org * Rebuilt URL to: https://api.wordpress.org/ * Trying 198.143.164.251... * TCP_NODELAY set * Connected to api.wordpress.org (198.143.164.251) port 443 (#0) * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.wordpress.org:443 * stopped the pause stream! * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.wordpress.org:443
curl -vv https://downloads.wordpress.org * Rebuilt URL to: https://downloads.wordpress.org/ * Trying 198.143.164.250... * TCP_NODELAY set * Connected to downloads.wordpress.org (198.143.164.250) port 443 (#0) * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443 * stopped the pause stream! * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443
traceroute -T -p 443 wordpress.org traceroute to wordpress.org (66.155.40.249), 30 hops max, 60 byte packets 1 hsrp.46-30-41-0-24.eurobyte.ru (46.30.41.2) 1.566 ms 0.207 ms 0.209 ms 2 5-1-5.ear4.Amsterdam1.Level3.net (212.72.41.101) 1.657 ms 5-1-9.ear4.Amsterdam1.Level3.net (212.72.41.109) 1.417 ms 5-1-2.ear4.Amsterdam1.Level3.net (212.72.41.113) 1.197 ms 3 * * * 4 4.7.29.138 (4.7.29.138) 158.793 ms 158.796 ms 158.883 ms 5 66.155.40.249 (66.155.40.249) 158.831 ms 158.757 ms 158.855 ms
traceroute -T -p 443 api.wordpress.org traceroute to api.wordpress.org (198.143.164.251), 30 hops max, 60 byte packets 1 hsrp.46-30-41-0-24.eurobyte.ru (46.30.41.2) 0.194 ms 0.186 ms 0.181 ms 2 te0-0-0-20.rcr21.ams06.atlas.cogentco.com (149.6.1.21) 1.461 ms te0-2-0-0.rcr21.ams06.atlas.cogentco.com (149.14.92.21) 1.497 ms te0-4-0-34.rcr21.ams06.atlas.cogentco.com (149.6.1.33) 1.448 ms 3 be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49) 1.316 ms be3433.ccr41.ams03.atlas.cogentco.com (154.54.58.201) 1.225 ms 1.178 ms 4 be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241) 1.237 ms be2440.agr21.ams03.atlas.cogentco.com (130.117.50.6) 1.179 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241) 1.553 ms 5 130.117.14.102 (130.117.14.102) 1.236 ms 1.260 ms 1.196 ms 6 adm-bb3-link.telia.net (62.115.141.62) 99.124 ms adm-bb4-link.telia.net (62.115.141.38) 97.657 ms adm-bb4-link.telia.net (62.115.141.34) 97.729 ms 7 ldn-bb2-link.telia.net (62.115.134.27) 97.226 ms ldn-bb2-link.telia.net (213.155.136.78) 123.990 ms ldn-bb3-link.telia.net (213.155.136.98) 99.177 ms 8 nyk-bb3-link.telia.net (62.115.135.94) 77.554 ms 77.552 ms 77.607 ms 9 nyk-bb4-link.telia.net (62.115.136.185) 97.341 ms 97.432 ms chi-b21-link.telia.net (80.91.246.162) 99.279 ms 10 chi-b21-link.telia.net (62.115.137.59) 97.748 ms 97.781 ms serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247) 98.877 ms 11 serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247) 97.086 ms agg-gegf150.ord03.singlehop.net (108.178.47.245) 98.628 ms dr6506a.ord03.singlehop.net (108.178.47.247) 98.445 ms 12 api.wordpress.org (198.143.164.251) 98.498 ms 98.483 ms 98.516 ms
traceroute -T -p 443 downloads.wordpress.org traceroute to downloads.wordpress.org (198.143.164.250), 30 hops max, 60 byte packets 1 hsrp.46-30-41-0-24.eurobyte.ru (46.30.41.2) 2.267 ms 2.256 ms 2.250 ms 2 te0-4-0-8.rcr21.ams06.atlas.cogentco.com (149.6.1.17) 1.625 ms 1.671 ms te0-4-0-10.rcr21.ams06.atlas.cogentco.com (149.6.1.49) 1.692 ms 3 be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49) 1.126 ms be3433.ccr41.ams03.atlas.cogentco.com (154.54.58.201) 1.157 ms be3434.ccr42.ams03.atlas.cogentco.com (154.54.59.49) 1.480 ms 4 be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241) 1.558 ms be2440.agr21.ams03.atlas.cogentco.com (130.117.50.6) 1.473 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241) 1.469 ms 5 130.117.14.102 (130.117.14.102) 1.288 ms 1.278 ms 1.273 ms 6 adm-bb4-link.telia.net (213.155.137.186) 97.285 ms adm-bb3-link.telia.net (62.115.112.122) 99.299 ms adm-bb4-link.telia.net (62.115.118.146) 97.567 ms 7 ldn-bb2-link.telia.net (213.155.136.78) 97.427 ms ldn-bb3-link.telia.net (213.155.136.98) 99.586 ms 99.801 ms 8 nyk-bb3-link.telia.net (62.115.135.94) 77.546 ms ldn-bb4-link.telia.net (62.115.136.192) 99.654 ms nyk-bb3-link.telia.net (62.115.135.94) 77.541 ms 9 chi-b21-link.telia.net (80.91.246.162) 103.306 ms 99.564 ms nyk-bb4-link.telia.net (62.115.136.185) 97.327 ms 10 chi-b21-link.telia.net (62.115.137.59) 97.638 ms 97.561 ms serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247) 99.017 ms 11 serverhub-ic-324864-chi-b21.c.telia.net (62.115.154.247) 97.243 ms 97.286 ms dr6506a.ord03.singlehop.net (108.178.47.247) 98.613 ms 12 dr6506a.ord03.singlehop.net (108.178.47.247) 96.793 ms 96.810 ms downloads.wordpress.org (198.143.164.250) 98.712 ms
Just telnet test:
telnet downloads.wordpress.org 443 Trying 198.143.164.250... Connected to downloads.wordpress.org. Escape character is '^]'. Connection closed by foreign host.
Or curl:
[root@h ~]# curl https://downloads.wordpress.org <html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx</center> </body> </html> [root@h ~]# curl https://downloads.wordpress.org curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443 [root@h ~]# curl https://downloads.wordpress.org <html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx</center> </body> </html> [root@h ~]# curl https://downloads.wordpress.org curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443 [root@h ~]# curl https://downloads.wordpress.org curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to downloads.wordpress.org:443 [root@h ~]# curl https://downloads.wordpress.org <html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx</center> </body> </html>
#3
@
7 years ago
Thanks for the extra details @evs38!
I'll follow up with systems with the details and we'll be in touch if we need anything extra.
#4
@
7 years ago
- Owner set to barry
- Status changed from new to accepted
Hi @evs38 - could you ping me on WordPress Slack to do some real-time troubleshooting? Slack username @barry. Thanks!
#5
@
7 years ago
- Resolution set to fixed
- Status changed from accepted to closed
Thanks for the ping and the additional information. We suspect some routing issues in a newly deployed data center for WordPress.org. For now, we have reverted back to the old data center while we troubleshoot and resolve the issue.
#6
follow-up:
↓ 7
@
7 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
@barry
I'm still getting the same error messages. Multiple sites, two different versions of wp. My hosting company has gotten so many complaints, they put an announcement up on their site.
#7
in reply to:
↑ 6
;
follow-up:
↓ 8
@
7 years ago
Replying to jhnpldng:
@barry
I'm still getting the same error messages. Multiple sites, two different versions of wp. My hosting company has gotten so many complaints, they put an announcement up on their site.
We reverted these changes after trying to replicate the issue for many days from many hundreds of different servers, including the ones in the original reports. If it's happening again we will need data from the specific servers affected in order to figure it out because all of the ones we have access to don't exhibit the problem.
If you have SSH access to the server where your site is hosted could you ping me on WordPress.org Slack to troubleshoot? If not, could you ask your hosting company to contact me directly? barry [at] automattic.com or @barry on Slack.
#8
in reply to:
↑ 7
@
7 years ago
Replying to barry:
Replying to jhnpldng:
@barry
If you have SSH access to the server where your site is hosted could you ping me on WordPress.org Slack to troubleshoot? If not, could you ask your hosting company to contact me directly? barry [at] automattic.com or @barry on Slack.
I had them run the tracerout/curl commands from post #1 above. I don't know if there's anything in the results that shouldn't be shown to the public here so I'm emailing it to you.
wordpress_information.txt from jhnpldng01 [at] aim.com
#10
@
7 years ago
- Resolution set to fixed
- Status changed from reopened to closed
Thanks for all of the info. We narrowed down the problem to a likely software bug on the networking devices and are working with our provider and the hardware vendor to get it resolved . In the mean time we found a workaround for the problem and have implemented it so there shouldn't be any more connectivity issues to downloads.wordpress.org
or api.wordpress.org
We also now have a way to replicate the problem, so I'm going to mark this ticket as resolved since the issue shouldn't be happening anymore. We'll be sure to retest before undoing the workaround at a future date.
Hey @evs38 and welcome to Trac.
Would you be able to provide some extra information about your hosting platform?
Specifically, the PHP version, cURL version, and OpenSSL version as reported by your host? (You can get that from most host control panels, or through a plugin such as https://wordpress.org/plugins/health-check/)
The cURL Errors appear to indicate that your server is having difficulties communicating with WordPress.org, that could be caused by software or network issues, but it's more likely network issues I believe.
Do you have Shell (SSH) access to the host? or just WordPress?
If you have shell access, the output of the following commands would be helpful to us to diagnose the issues.
traceroute wordpress.org
,traceroute api.wordpress.org
,traceroute downloads.wordpress.org
curl -vv https://wordpress.org
,curl -vv api.wordpress.org
,curl -vv https://downloads.wordpress.org
tcptraceroute wordpress.org 443
,tcptraceroute api.wordpress.org 443
,tcptraceroute downloads.wordpress.org 443
(You may not have this installed on the server, or it may require privledges you do not have)If you don't have Shell access, you can provide your host with this Trac ticket and they should be able to provide us with the details. It's likely that this is affecting multiple customers of theirs, so it'll be in their interest to help get it sorted out.