#Brotzka - 525 error
lucid vine
grizzled nymph
Are you seeing the HTTP 525 in your server's network logs then? Or are they coming up elsewhere?
hasty vault
Unfortunatelly not.. Taking a look at my cloudflare analytics, Stripe is not the only service running in this error. All have in common that the x-request-with header is not set
grizzled nymph
Can you input your URL here: https://www.ssllabs.com/ssltest/analyze.html and look for a section marked as "Extra download" under the items in the Certificate Path?
hasty vault
Of course. I will take some time for the analyse to run
hasty vault
I can not find a section where I could download something.. I've clicked through all 6 Servers
grizzled nymph
Do you have Certification paths somewhere in that report? If so, can it be expanded to look for Extra download
It may not be there, but I wanted to check as a preliminary troubleshooting step
hasty vault
For a specifc server?
grizzled nymph
Correct.
hasty vault
This is all I have under Certification Paths
https://www.ssllabs.com/ssltest/analyze.html?d=faaren.com&s=172.67.73.221&hideResults=on
Here is the link if you want to take a look
grizzled nymph
Thanks for that, let me dig a bit on this and circle back
hasty vault
Thank you very much!
grizzled nymph
Unfortunatelly not.. Taking a look at my cloudflare analytics, Stripe is not the...
Are you able to copy/paste the whole Stripe user agent text from this screenshot and paste it here in this thread?
grizzled nymph
Thanks for that. Will circle back in a few
hasty vault
๐
grizzled nymph
Can I also snag your Stripe account ID? You can find it at the bottom of the Profile view in the dashboard
hasty vault
acct_1CmCnBDrOnr1vuz2
grizzled nymph
Still working on this. Apologies for the wait
hasty vault
No worries ๐
grizzled nymph
Did your SSL config change recently? Perhaps around 10/4?
hasty vault
Good question.. Currently we are setting up infrastructure in the US. It could be that we made some changes regarding SSL in this time
grizzled nymph
The one thought I had was that you might be trying to use TLS 1.1, which we don't allow: https://support.stripe.com/questions/upgrade-your-stripe-integration-from-tls-1-0-to-tls-1-2
Hard to tell from our logs if these are failing for that reason though. Can you confirm you're using only 1.2 or greater on all your certs?
hasty vault
I thought I disabled TSLv1.0 and v1.1 on the related servers, but the analyse shows that it is still in use
But we didn't change the servers in the last weeks. And I can see that this was something from 2018. But nevertheless I will give it a try and remove all settings regarding TSL v1.0 and v1.1
And our API calls to Stripe work as expected
grizzled nymph
I believe all the failures are coming from webhook attempts, since you can see the 525 errors coming through here: https://dashboard.stripe.com/webhooks/we_1F84ahDrOnr1vuz2QeCMFOC8 so it might just be the server with your webhook endpoint that is attempting to use TLS 1.1