Letsencrypt, Redsys and Plesk


#1

Redsys is the standard VISA payment method in Catalonia and Spain. They do not accept SNI and therefore payments do not work as expected with Letsencrypt SNI Certificates.
The error in PrestaShop is odd. The transaction is made but Redsys fails to inform PrestaShop back, so you end up having some money in your account you don’t know where it came from.
If you are lucky enough, you can look at your website’s last customers and shopping carts and guess who bought what, but if your customer changed their shopping cart after buying… well, you’ll have to guess who bought what.

Anyway, it is my understanding that when our shop server starts the conversation it uses proper certificates, but when Redsys starts the conversation back, it uses old XP/Java code that does not use SNI, and then the certificate used by the server is the one you have as default for the given IP.

I found no way to assign a Letsencrypt certificate to an IP in Plesk. For whatever reason you cannot use your web certificates as IP certificates in Plesk.

Yet, I discovered that, if you use a default website on an IP, the certificate from that website comes before the default certificate of the IP.

So, in theory that should solve the problem.

Tip: Support people from CaixaBank have given me a PDF document, version 1.29 and dated February 2016, that says that Letsencrypt is not accepted as a valid certificate agency. Yet there is a newer version of the same document (dated April 2016 if I am not wrong) where Letsencrypt is in the list.
In fact they state in their info that the certificate must be installed at IP level (true) but it does not have to have SNI. I do think this statement is wrong.

Very professional. Very professional.


#2

I appreciate the time you’ve taken to write this up, and I’m sorry to see more reports of payment processors that don’t use SNI. It’s very unfortunate and I hope they will keep being encouraged by their customers to adopt SNI.

I just wanted to point out that the Let’s Encrypt certificate itself isn’t an “SNI certificate”, as nothing about the certificate either requires or forbids it to be used with SNI. Whether it is used with SNI depends entirely on the web server configuration, as the rest of your message makes clear.


#3

@epertinez

Is your issue that the callbacks from Redsys are not working on your webserver?

Are they coming back on your IP rather than hostname?

Plesk manages domains not IPs from what I understand.

Andrei

