HostGator cURL outdated, disappointing support

Today i came in contact with an Pronamic IDEAL plugin user who was getting “Problem with the SSL CA cert (path? access rights?)” errors. The website was hosted at HostGator and after a quick Google search I noticed that more WordPress users had similar issues. The problems are caused by an outdated cURL library version 7.19.7. I requested HostGator to update to the latest stable version of cURL but their support doesn’t really help.

I think it’s very clear that the cURL library is outdated and needs an update. HostGator support however requires me to send the billing details of our client. How will the billing details help to get cURL updated? Since I don’t have these details HostGator support is not really helping. The helpdesk also forwarded me to their “What Software and Program Versions Does HostGator Offer?” page. On this page HostGator clients can read that they run cURL version 7.15.x:

cURL 7.15.x (also libcurl and PHP/CURL)

Right after that the helpdesk is saying:

We do our best to keep software and program versions as up to date as possible. Our technical team regularly evaluates software updates and pushes updates across HostGator’s servers as they are deemed secure and appropriate for HostGator’s shared hosting environment.

How credible is that since cURL version 7.15 was launched 8.9 years ago? Below you can find the whole chat conversation with HostGator. I don’t have further experience with HostGator but my advice would be to not host at HostGator.

Chat ID: 14642039.
Question: Problem with the SSL CA cert (path? access rights?)

(1:30:55pm) System: Customer has entered chat and is waiting for an agent.

(1:31:49pm) William L.: Hello and welcome to Hostgator LiveChat. My name is William and I’d be glad to assist you with any questions you may have today. How are you?

(1:33:29pm) Remco: Hello William, i’m good. Only have an issue on http://**********.com/ with remote request to an https:// URL. We use WordPress and are getting an HTTP request failed error.

“Problem with the SSL CA cert (path? access rights?)

(1:34:11pm) Remco: Did soms research on Google and see other users of Hostgator had also this issue

(1:34:14pm) Remco: https://wordpress.org/support/topic/http-error-problem-with-the-ssl-ca-cert-path-access-rights

(1:34:18pm) Remco: https://wordpress.org/support/topic/http-error-problem-with-the-ssl-ca-cert-path-access-rights-1

(1:34:47pm) Remco: I quote: “Asking Hostgator to update CURL to the latest stable version will fix this issue, it’s an easy thing for a host to do. A hosting company that size should know what to do..”

(1:35:45pm) William L.: For security reasons, before I am allowed to make changes or provide information to a user’s account, I am required to verify that this is the owner of the account. Please enter your billing login information in the verification box. Thank you.

(1:37:15pm) Remco: I’m not the owner of this account, i’m contacting you on behalf of our client. She however already had contact about this earlier.

(1:37:16pm) William L.: May I have your primary email address on account please?

(1:37:39pm) William L.: Unfortunately, in order to further investigate, I will need full verification in order to proceed to look into this.

(1:38:51pm) Remco: Our client doesn’t have an technical background… so it’s a bit hard for her to give you all the details. I think it’s clear that you have to update the cURL library. I don’t see why you need full verification for this…

(1:39:45pm) William L.: Okay. Regardless, I would still need the full verification details so I can pull up your account, as well as seeing if there is a SSL installed on the site itself.

(1:40:03pm) William L.: I apologized for the trouble but it would be required.

(1:40:14pm) William L.: All i need would only be the email address on account and the password.

(1:40:38pm) Remco: Ok, i have the e-mailadress ******@**********.com

(1:40:55pm) Remco: And the following details

(1:40:58pm) Remco: https://*********.hostgator.com:2083 <https://*********.hostgator.com:2083/>
User: ********
Password: ***********

(1:41:23pm) William L.: May I have your account security pin please? It is a 4 to 8 digits when you first registered for this account.

(1:42:01pm) Remco: I don’t have that information, you just said you would only need the email address and the password :).

(1:42:29pm) William L.: The password would refer to the billing password.

(1:42:31pm) William L.: Do you have that as well?

(1:42:36pm) William L.: If so, I will re-send the pop up box.

(1:42:45pm) William L.: The security pin is an alternative method of verifying for the account fully.

(1:42:50pm) Remco: Nope, this is all the information i have.

(1:43:03pm) William L.: Sure. Let me see what I can do with those information. Just a moment.

(1:45:18pm) William L.: May I ask what plugin are you attempting to use for the remote request to the HTTPS:// URL?

(1:46:01pm)Remco:The “Pronamic iDEAL” plugin… for an Dutch payment provider connection

(1:46:25pm) William L.: Thank you, Remco.

(1:46:31pm) William L.: Please bear me with a few minutes over here.

(1:50:36pm) William L.: In order to update curl, unfortunately you would need root access to complete this. As such you will want to look into upgrading to a VPS ( http://www.hostgator.com/vps-hosting/ ) or dedicated server ( http://www.hostgator.com/dedicated ) if this is something that is mission critical for you. I apologize for any inconvenience this has caused you.

You would either need to contact with the plugin developer in regards of such issue or update your server package to a VPS or a dedicated server in order to update cURL to the latest and stable version.

(1:52:52pm) Remco: Hmm, and why don’t you update cURL on this server to the latest and stable version? There is a bug in cURL version 7.19.7 so i think it’s your responsibility to update to fix the issue.

(1:55:16pm) William L.: I will be able to request of such for you. However, in order to do so, I will need to fully verify you. Are you able to obtain the billing password, or security pin?

(1:57:35pm) Remco: I probably can obtain this information, but again i don’t see why you need this. The cURL library is outdated, you guys just have to update. Version 7.19.7 o cURL was launched in 2009, we are now 2015. Can you guarantee an update if i get this billing password?

(1:58:23pm) William L.: I will not be able to guaranteed anything as this task will be performing by our support admin, which is why verification is mandatory prior to updating curl since we are going to be performing change on account.

(2:00:38pm) Remco: Hmm, this approuch is not very client friendly… it will only delay an solution… and you can’t even guarantee an solution… since it’s very clear that the cURL library is outdated…

(2:01:54pm) William L.: http://support.hostgator.com/articles/hosting-guide/hardware-software/what-software-and-program-versions-does-hostgator-offer

cURL 7.15.x (also libcurl and PHP/CURL)

We do our best to keep software and program versions as up to date as possible. Our technical team regularly evaluates software updates and pushes updates across HostGator’s servers as they are deemed secure and appropriate for HostGator’s shared hosting environment.

(2:03:54pm) Remco: That’s not really credible, cURL version 7.15 was launched 8.9 years ago. And still you say you do your best to keep software and program version as up to date as possible?

(2:04:03pm) William L.: Okay.

(2:04:08pm) William L.: I am sorry for the frustration.

(2:04:31pm) William L.: If you would like to proceed, please provide the billing details as the verification method and I would have this ticket generate for you so that our admins can work on it.

(2:05:59pm) Remco: I don’t have that information now, i think you have enough details to proceed anyway…

(2:06:47pm) William L.: Remco, please understand I am attempting to assist with you. However, without the verification details, I will not be able to proceed. You can always contact us when you do have the information and we will be glad to generate the ticket for you.

(2:10:00pm) William L.: I hate to bother, are you still with me?

(2:10:14pm) Remco: Ok, i’m disappointed in the way you handle this. I will ask my client to mail you this conversation so you can proceed and hopefully fix this issue asap. I will also recommend to consider switching to another hosting company.

(2:11:19pm) William L.: I am very sorry in regards of such experience you are currently experiencing. Please understand that we take account’s security matter very seriously hence the verification process before we perform changes on account.

Is there anything else you might need assistance with?

(2:12:54pm) Remco: I understand you take account’s security matter very seriously… maybe you contact the client yourself and make sure the problem is solved… i really think your client would appreciate that!

(2:13:19pm) William L.: Absolutely. I understand. May I ask if you have any further question for me today?

(2:15:37pm) William L.: This chat will now be terminated due to inactivity. If you need anything else, please start a new live chat session. We would be glad to assist you further. Take care and have a great day!

(2:15:42pm) System: This chat has ended. Click Rate And Exit to rate the representative and our company!

After this our client contacted HostGator for the cURL update, their response:

Hello, and thank you for contacting HostGator.com,

We maintain the same version of cURL across all of our shared servers. Unfortunately, we are unable to upgrade cURL for only your account as it would affect our other customers and their sites on the server. If you need an different version of cURL, you will need to upgrade to either a VPS or a dedicated server. We recommend these for our customers who are wanting specialized setups or different versions of software on their server.

If you are interested in upgrading, I would suggest looking ove rthe types of hosting that we offer: http://support.hostgator.com/articles/hosting-guide/hosting-plan-comparison/shared-environment-vs-dedicated-environment

http://support.hostgator.com/articles/hosting-guide/hosting-plan-comparison/articles/hosting-guide/hosting-plan-comparison/how-do-i-choose-which-hosting-plan-is-right-for-me

Read more about why you need to avoid HostGator on https://yoast.com/avoid-hostgator/.

9 gedachten over “HostGator cURL outdated, disappointing support”

  1. I am having the same issue after downloading the ad manager oio publisher. Did everything I could but to no avail. The plugins don’t update and can’t install any plugin. Contacted hostgator but received a silly answer like “deactivate your plugins and the problem will end”. Really considering moving my account now. The support has never been worse.

  2. I’ve had exactly the same experience, chat and response from Arvixe. They’re using a version of cURL 9 years old.
    I too am trying to use an iDEAL extension.
    They told me the same thing: we can’t upgrade it fleet wide so please upgrade to dedicated hosting.

    It almost seems like they deliberately don’t upgrade their shared hosting software so people have to upgrade…

  3. I also had a problem with CURL version on hostgator .

    They suggested to upgrade my shared hosting plan.

    I was able to make CURL work on PHP 5.5

    I have enabled PHP 5.5 in .htaccess file:

    AddHandler application/x-httpd-php55 .php

    Then I have made CURL connect via TLS with:

    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

    Entire CURL code that works for me on shared hostgator plan with PHP 5.5 :

    $req = http_build_query($parameters);

    $ch = curl_init($url);
    if ($ch == FALSE) {
    return FALSE;
    }
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(‘Connection: Close’));
    $res = curl_exec($ch);

    1. they would love to update the curl version however it will prolly break and cause security issues on your website which is why they haven’t done it . I’d rather use a stable version of something then something that is has vulnerabilities. It is ob ivous you guys have no idea what it is like to run thousands of servers. and keep them maintained.

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *