#max_product-images

👋 Welcome to your new thread!

⏲️ We'll be here soon! We typically respond in a few minutes, but in some cases we might need a bit more time (e.g., server's busy, you've got a complex question, etc.).

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1260735347055132733

📝 Have more to share? Add details, code, screenshots, videos, etc. below.

@gritty meadow I assume you are creating a Product/Price and passing the image(s) URLs at that time. Do you have an example Product id I can look at?

My guess is that we try to fetch the image from your server and we get an error. Since we cache the images locally on our end, if we can't access/download them then we don't show them

I think ithat same - problem is cachce. However inages are reacbable on https.
We workarounded by creating separate server instance with http to only serve images for stripe. I’ll try to simulate that original problem(maybe it will take time to revert changes with http server)

For us to download the images we need the URL to be reachable but we also need your HTTPS URL to have a valid TLS certificate. Often the issue is that you have misconfigured this
Can you share an example URL for me to look here?

max_product-images

Try https://bimmershop.sk
Pick up car model and product’s category, click on Pridat do kosika, enter random data and get redirected to stripe

to be clear all I need is an exact URL to one of your images, can you share just that?

Maybe this helps https://www.bimmershop.sk/uploaded-files/medium/6f654c619def032fc9bc968e4a8bccbc.jpg

yeah I wanted to make sure it was the same domain

so when I look at SSL Labs for your domain I see this https://www.ssllabs.com/ssltest/analyze.html?d=bimmershop.sk

you seem to have multiple servers and one doesn't have the right TLS certificate and I think that is likely the problem

That might be that “workarounded” http one

@gritty meadow okay I tried locally and I see something in our logs that might be the issue. msg="Empty content-type returned" error="<nil>"

So it looks like something is mis-configured on your server and not properly returning a Content-Type header

I also get ```* Closing connection
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.bimmershop.sk'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.``` when I curl locally

so I do think that's part of the problem

I don’t think so, because when we changed url to be http, everything worked. As soon as we enabled https, stripe started to not showing images. No code changed on our side

sure but it's possible for your "enable HTTPS" to change some setting internally.
But really I would start with the TLS certificate being mis-configured. You can see this error just curling that URL yourself in a terminal

Strange, bcs I tried to curl it from terminal and it created new jpg file

I used:

curl https://www.bimmershop.sk/uploaded-files/medium/6f654c619def032fc9bc968e4a8bccbc.jpg --output /Users/Max87/Downloads/Data/MaxApp/bmwgarage/obrazky/curl/image.jpg

sure but try to curl with -vvvv and you will see the same warnings I did I assume
curl is flexible with this and so is Chrome but when we (Stripe) make that HTTPS request to fetch the image, if the TLS certificate is invalid we just stop and ignore the response

Can you please paste command that I can try? Deleting www on address prefix created image as well without errors

All I did is curl -vvvv https://www.bimmershop.sk/uploaded-files/medium/6f654c619def032fc9bc968e4a8bccbc.jpg

This is my output:

* Host www.bimmershop.sk:443 was resolved.
* IPv6: (none)
* IPv4: 34.107.96.70
*   Trying 34.107.96.70:443...
* Connected to www.bimmershop.sk (34.107.96.70) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=bimmershop.sk
*  start date: Jul  1 00:00:00 2024 GMT
*  expire date: Sep 29 23:59:59 2024 GMT
*  subjectAltName: host "www.bimmershop.sk" matched cert's "www.bimmershop.sk"
*  issuer: C=AT; O=ZeroSSL; CN=ZeroSSL RSA Domain Secure Site CA
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /uploaded-files/medium/6f654c619def032fc9bc968e4a8bccbc.jpg HTTP/1.1
> Host: www.bimmershop.sk
> User-Agent: curl/8.6.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Thu, 11 Jul 2024 00:16:14 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
< Transfer-Encoding: chunked

Hi @gritty meadow I’m taking over this thread. Give me a second to catch up

So this is the report from SSL lab, and it appears that one of your server's certificate isn't valid for the domain name.

SSL certificate verification was successful in your test because you were connected to 34.107.96.70, and that server has valid certificate.