#3285 - Unable to connect to mailchimp
We are evaluating the trial version. Our servers are behind firewall in our firm, and we use web-sense to block most of the internet access for our firm. We have opened up websense to allow the sugarCRM servers to be able to connect to mail chimp.
curl --request GET --url 'https://us16.api.mailchimp.com/3.0/' --user 'shahamit:<MailChimpKey>' returns a valid response with all the different URLs. But from the Sugar Admin Screen, it still says not able to connect to mail chimp server.. ? What else do we need to open ?
Thanks, Amit
7 years ago
Hello Amit,
Can you open your browser console, and try to reach MailChimp again. Then, look at the network tab, for the call 'update' which is supposed to update and save your MailChimp api key. See if you can find a response there. Can you also send over your SugarCRM logs?
Thanks, Jon
7 years ago
Here is the Response - {"success":false,"message":"Could not access MailChimp server"}
SugarCRM Logs have a whole lot of these -
Fri Sep 1 14:40:02 2017 [23192][1][FATAL] SugarChimp:fatal:1504291202: SugarChimp Scheduler: You do not have a MailChimp api key saved yet. You probably have not setup SugarChimp. Email support@sugarchimp.com if you need help.
7 years ago
An FYI - We have a cloud version of sugarcrm, as well as a version hosted inside the firm. Everything is working from the cloud version, but we need it to work from inside the firm because thats our PROD environment.
And we are using the license key that we have in the cloud version already. I hope it doesn't have a 'one instance only' restriction, or something to that affect ..
7 years ago
Hello, thanks for the extra information. If you go to your production instance (the one hosted internally), go to Admin > SugarChimp Configuration > go to step 2 "Validate".
Do you see a license key there? If not, paste your license key there and click "Validate". Does it validate successfully?
It sounds like your connection between Sugar and MailChimp is good, but something isn't right on the licensing side.
If it does not validate, can your internal server make an outbound call to sugaroutfitters.com? That is where the license needs to contact to validate the license.
Let us know what you find. Thanks!
7 years ago
Yes, it is able to validate the license. It does give a 'validation successful' popup.
7 years ago
Got it, thanks for the information. I think we'll need to get on a call to take a closer look.
Please go here and pick a day and time we can chat: https://calendly.com/fanaticallabs/sugarchimp-support
Thanks!
7 years ago
Hello, thanks for joining the call today. It seems the "Unknown SSL protocol error in connection" curl error message is the current issue we need to resolve.
I researched the error message and found that some people have received the same error message when using a specific version of curl. See the accepted solution on this page: https://stackoverflow.com/questions/20988782/curl-unknown-ssl-protocol-error-in-connection-error-in-server-but-works-on-lo
Can you check to see what version of Curl you have installed?
It might be that the command line curl and php curl use a differently underlying curl (which is why command line works but php does not). Or the interface in php to curl is having issues. I would recommend seeing if there are any updates for curl.
Can you also go to your command line and run: curl -V
Please send me what the result is. Thanks!
7 years ago
curl -V gives 7.47, and phpinfo gives 7.47 too .. But then I read https://sourceforge.net/p/curl/bugs/1319/ page, and found some mentions of different OpenSSL versions. So I checked that. And there might be something there -
shah_amit@teb-lampdu:/var/www/sugar$ openssl version OpenSSL 1.1.0f 25 May 2017
But the phpinfo page shows OpenSSL/1.0.2g
PHP was installed from sudo add-apt-repository ppa:ondrej/php because Sugar needs 5.6, and Ubuntu doesn't ship with that. And so was php/Curl - sudo apt-get install php5.6-curl
And Linux/Php is not my expertise, so I am open to suggestions :)
7 years ago
Hello Amit,
This is Jon, taking over for Chad, but I have not been able to find anything searching the web that would explain why you're getting that error, or why the phpinfo would show a different version of OpenSSL than your console. I agree with your assessment that the OpenSSL version difference has got to be the issue. However, fixing that on your system is outside of our expertise as well. Have you made any progress since your last message?
Thanks, Jon
7 years ago
Hello Jon, I am still looking into and working on this. It looks like SSL3 might be a culprit .. I want to try and force php to use TLS1.2 ... I tried to add curl_setopt ($ch, CURLOPT_SSLVERSION, 6); in modules/SugarChimp/includes/classes/SugarChimp/Helper.php, but I am not sure if that is the right place .. ??
7 years ago
Hello again,
Glad you are sticking it out to get this thing to work. Before we change the code, I was wondering if you've tried to install and send the call from your live ondemand environment? Have we only tested this locally on your dev environment? If that's the case, could we reach out to Sugar and ask for a close of your SugarOndemand environment so that you can install and test the integration there?
If none of that is possible, then we can go down the path of updating the curl calls in SugarChimp. We've extracted all curl requests to be made by one function, initialize_curl, inside the file you've described above. So making a change there should work to update those settings.
Let me know what you find.
Thanks, Jon
7 years ago
Yes, we have tried this out in the sugar-ondemand version, and it does work from there. So we know for sure there is something odd about our environment. I will let you know how it goes .. It is a huge convinience for our marketing folks if they can get mail-chimp data inside of their sugar-crm dashboard, so I have to give this some more brain-cycles !
7 years ago
Hello again ! So I have an update on this. I tried to remove https, and make it http in MailChimpV3.php
private $api_endpoint = 'http://.api.mailchimp.com/3.0';
And this seems to work fine. It was able to get the lists from our mailchimp account. I tried all php options to ignore ssl, but none of them worked. Only making it http instead of https explicitly seemed to work ... So the question is, would you have any suggestions of accomplishing this in a 'cleaner' way .. ?
7 years ago
Hello!
Looking through our code there are a few places that set their own api end points, making it difficult to easily implement that. We use a streaming api along with a different api url from the v3 api, along with your licensing pings to SugarOutfitters which is https. I can give you all of the locations to change to http, but I still don't believe this is your best long-term solution. Weird that we've been around this long and never run into this issue. Let me know if you'd like for me to give you the locations of the other curl request urls.
Best Regards, Jon
7 years ago
Hello again !
So finally figured this one out. It turns out that websense was blocking
https://wildcardsan.us15.list-manage.com
And once they opened it up, the plugin is working fine. It was very wierd. I forced it to use TLS v 1.0 and that does not go to this website. But when I take out that line, it was failing. And then monitoring websense blocks revealed that this was the site that was being blocked ! May be it will help someone else if they encounter similar situation !
7 years ago
Now that's a good find. Makes sense that the license pings were working but not the MailChimp calls from that. Thanks for sharing the solution, glad to have you up and running. At this point, the hard work is over! You shouldn't run into any more issues like that with the integration, but let us know if you need help with anything else. I'll close this case out now.
Best Regards, Jon