We are aware of a potentially service impacting issue. Learn more

Wordpress: Download failed.: SSL peer certificate or SSH remote key was not OK Print

  • 0

If wordpress gives the error during update of plugins or wordpress itself : Download failed.: SSL peer certificate or SSH remote key was not OK

you likely are suffering from a DNS issue with OPENDNS or another DNS provider, usually quickly solved by the webhost by changing the resolver of the server to i.e. those of google dns. 

edit /etc/resolver.conf
change the nameservers to i.e. 8.8.8.8 and 8.8.4.4 

Note that if you are using Cloudlinux with CageFS enabled you also may need to update the Cages with an: cagefsctl --force-update

UPDATE: OpenDNS believes they have resolved the issue; they provided us with the following explaination of the issue:


The redirection problem should now be fixed. Please test this again and let us know if you are still seeing an issue.

Some technical detail: Computers that are configured to use both IPv6 and IPv4 will perform a DNS query for both the A and AAAA records for a given domain. Our resolvers will properly return a NODATA response for the AAAA record, but we are seeing the client then perform another query for the AAAA record with the local search suffix attached. This subsequent query will result in an NXDOMAIN response, and thus customers with NXDOMAIN redirection enabled will be redirected to our NXDOMAIN page. The A record query will properly return the IP address, but some clients may have a preference for AAAA records, or may choose one of the two responses at random, and thus get redirected to our NXDOMAIN page.

This extra AAAA query is unusual behaviour for a client, but we were able to mitigate it by removing the redirection for the AAAA record requests from our DNS servers.


As our servers are configured to allow IPv4 and 6 this sounds like a plausible this also hooks into what we saw happening on the server; i.e. wget was working properly but curl failed (from the curl manual: curl will connect to a server with IPv6 when a host lookup returns an IPv6 address and fall back to IPv4 if the connection fails, in case of the OPENDNS usage the IPv6 did not fail but actually returned the answer of the redirect domain). 


Was this answer helpful?

« Back