Stripe webhook throws TLS failure

OksanaN · July 8, 2020, 3:07pm

Hello,
I’m struggling to set up Stripe webhook and it fails due to TLS error. Stripe support suggests that this may happen due to the incomplete chain, but as far as I can see we do not have chain issues according to this report https://www.ssllabs.com/ssltest/analyze.html?d=merit.sportysystems.com&hideResults=on

Please advise what can be done here.

My domain is: https://merit.sportysystems.com/

I ran Stripe web-hooks

It produced this output: TLS error

My web server is (include version): nginx/1.17.10

The operating system my web server runs on is (include version): Debian GNU/Linux 10 (buster)

My hosting provider, if applicable, is: not applicable

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): don’t know what it is and how to ckeck it

JuergenAuer · July 8, 2020, 3:28pm

Hi @OksanaN

there is a check of your domain, ~~5 hours old - https://check-your-website.server-daten.de/?q=merit.sportysystems.com#connections

There is no chain problem visible.

Chain (complete)		1	CN=merit.sportysystems.com
		2	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US

But I have no idea what Stripe webhooks are and how they work

It produced this output: TLS error

Isn't there a better / longer output?

PS: Searched, found that:

What's your endpoint you want to use? May be you use a different port.

OksanaN · July 8, 2020, 4:52pm

Hi,
Thanks for the response.
In general, when (in my case) a subscription is getting updated a webhook on Stripe’s end is triggered. It calls our endpoint at
https://merit.sportysystems.com:1000/api/stripe/webhook and failes with that TLS error.

Unfortunately, there’s no longer output - please see the screenshot, it’s the only error info available.

JuergenAuer · July 8, 2020, 5:22pm

That's

expected.

It's not the standard port. And - it's a http port - https://check-your-website.server-daten.de/?q=merit.sportysystems.com%3A1000%2Fapi%2Fstripe%2Fwebhook

Domainname	Http-Status	redirect	Sec.	G
• http://merit.sportysystems.com:1000/api/stripe/webhook 51.83.128.58	405	Html is minified: 100,00 %	0.530	M
Method Not Allowed

• https://merit.sportysystems.com:1000/api/stripe/webhook 51.83.128.58	-4		0.170	W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send.

• http://merit.sportysystems.com:1000/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 51.83.128.58 GZip used - 574 / 1552 - 63,02 %
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/858	404	Html is minified: 340,35 %	0.516	A
Not Found
Visible Content: 404 Not Found

http answers with a http status, but connecting that port via https there is no answer.

Curious, that Stripe doesn't check that.

Change that port configuration, so it works as a https port. Use the port 443 vHost as template.

OksanaN · July 9, 2020, 9:58am

Thanks you for your help - the issue was indeed related to port. Resolved now

system · August 8, 2020, 9:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.