Some not working feeds

A lot of feeds ~300 are working without an issue but some i cannot get to work. In browser like Chrome they are watchable.

Two examples:
https://cadooks.com/feed/
Die angegebene URL konnte nicht heruntergeladen werden: ; file_get_contents(https://cadooks.com/feed/): failed to open stream: operation failed

teqqy.de
Die angegebene URL konnte nicht heruntergeladen werden: ; file_get_contents(teqqy.de): failed to open stream: Connection timed out

Cody Hosterman
unable to fetch: ; file_get_contents(Cody Hosterman): failed to open stream: operation failed [-1]

My system is:
Debian Buster
Tiny Tiny RSS v19.2 (5829ee9)
|# PHP Version 7.3.4-2|
PostgreSQL 11.2 (Debian 11.2-2)

Any ideas here?

Thanks

I have no problems subscribing to these feeds, I’m on the same version of TT-RSS, but use PHP 7.2.9 and PostgreSQL 11.1. Myfeedsucks also does not seem to have any problem.

Possibly irrelevant, possibly a clue, idk? But. Going to ‘W3C Feed Validator’ (validator_w3_org) and entering the first and third feed url that op listed and clicking ‘Check’ yields this error:

Server returned [SSL: WRONG_SIGNATURE_TYPE] wrong signature type (_ssl.c:727)

.

Maybe a connectivity issue on your server running TTRSS? (lib)curl and OpenSSL on Buster should both be up-to-date.

If you have shell access, you can try fetching the feed using the command line and check for any errors:

curl -vvv -o /dev/null https://feed/

Example output:

About to connect() to teqqy.de port 443 (#0)
*   Trying 94.16.114.60...
* Connected to teqqy.de (94.16.114.60) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=teqqy.de
*       start date: May 31 21:59:51 2019 GMT
*       expire date: Aug 29 21:59:51 2019 GMT
*       common name: teqqy.de
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET /feed/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: teqqy.de
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/rss+xml; charset=UTF-8
< Date: Mon, 22 Jul 2019 07:40:58 GMT
< Etag: "...-gzip"
< Last-Modified: Fri, 12 Jul 2019 13:38:35 GMT
< Link: <https://teqqy.de/wp-json/>; rel="https://api.w.org/"
< Server: Apache/2.4.38 (Debian)
< Vary: Accept-Encoding
< X-Powered-By: PHP/7.3.7
< X-Robots-Tag: noindex, follow
< Transfer-Encoding: chunked
<
{ [data not shown]
100 15192    0 15192    0     0  37891      0 --:--:-- --:--:-- --:--:-- 37980
* Connection #0 to host teqqy.de left intact

Thanks for all your answers :slight_smile:

My system is a dedicated root server and all my services like tinyrss are running in its own lxc container.

Today i saw, that i have not installed curl and php7.3-curl.
After this, i now see different messages:

https://cadooks.com/feed
Die angegebene URL konnte nicht heruntergeladen werden: ; 35 error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type

teqqy.de
Die angegebene URL konnte nicht heruntergeladen werden: ; 28 Connection timed out after 15000 milliseconds

Cody Hosterman
Die angegebene URL konnte nicht heruntergeladen werden: ; 35 error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type

so two of them are now showing the same message as @martywd posted.

I had same problem. I could fix it by remove the default setting in /etc/ssl/openssl.cnf

These problem started after upgrading to buster which have a stricter requirements that not all web site have configured

Lower SECLEVEL to 1 might be enough:
CipherString = DEFAULT@SECLEVEL=1

@schafdog

thanks, with this setting and a reboot of the container feed 1 and 3 are working now :slight_smile:

Feed 2, teqqy.de, has to be something with ipv6 connectivity… ipv6 on host is enabled and in my lxd containers it is disabled.

a “curl -vvv -o /dev/null teqqy.de” is endless:

> * Expire in 4 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 4 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 4 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 5 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 5 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 4 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 6 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 6 ms for 1 (transfer 0x55a28dd29c40)
> * Expire in 7 ms for 1 (transfer 0x55a28dd29c40)
> * Trying 94.16.114.60…
> * TCP_NODELAY set
> * Expire in 149988 ms for 3 (transfer 0x55a28dd29c40)
> * Expire in 200 ms for 4 (transfer 0x55a28dd29c40)
> * Trying 2a03:4000:28:28c::100…
> * TCP_NODELAY set
> * Expire in 149988 ms for 3 (transfer 0x55a28dd29c40)
> * Immediate connect fail for 2a03:4000:28:28c::100: Die angeforderte Adresse kann nicht zugewiesen werden
> * Trying 2a03:4000:28:28c::100…
> * TCP_NODELAY set
> * Expire in 149988 ms for 3 (transfer 0x55a28dd29c40)
> * Immediate connect fail for 2a03:4000:28:28c::100: Die angeforderte Adresse kann nicht zugewiesen werden
> 0 0 0 0 0 0 0 0 --:–:-- 0:00:01 --:–:-- 0 Trying 2a03:4000:28:28c::100…*
> * TCP_NODELAY set
> * Expire in 149988 ms for 3 (transfer 0x55a28dd29c40)
> * Immediate connect fail for 2a03:4000:28:28c::100: Die angeforderte Adresse kann nicht zugewiesen werden
> 0 0 0 0 0 0 0 0 --:–:-- 0:00:02 --:–:-- 0 Trying 2a03:4000:28:28c::100…*
> * TCP_NODELAY set
> * Expire in 149988 ms for 3 (transfer 0x55a28dd29c40)
> * Immediate connect fail for 2a03:4000:28:28c::100: Die angeforderte Adresse kann nicht zugewiesen werden
> 0 0 0 0 0 0 0 0 --:–:-- 0:00:03 --:–:-- 0 Trying 2a03:4000:28:28c::100…*
> * TCP_NODELAY set
> * Expire in 149988 ms for 3 (transfer 0x55a28dd29c40)
> * Immediate connect fail for 2a03:4000:28:28c::100: Die angeforderte Adresse kann nicht zugewiesen werden
> 0 0 0 0 0 0 0 0 --:–:-- 0:00:04 --:–:-- 0 Trying 2a03:4000:28:28c::100…*
> * TCP_NODELAY set
> * Expire in 149988 ms for 3 (transfer 0x55a28dd29c40)
> * Immediate connect fail for 2a03:4000:28:28c::100: Die angeforderte Adresse kann nicht zugewiesen werden
> 0 0 0 0 0 0 0 0 --:–:-- 0:00:05 --:–:-- 0^C

ok this is not a specific ipv6 problem…

cannot even ping 94.16.114.60 from my host.
on home connection and an other host i can ping teqqy.de
→ so i am simple blocked by this site :slight_smile: :frowning:

thank you @all for your help!