#getify_webhooks-tls

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1494755154237329581

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

getify_webhooks-tls

Looking at that Event it seems you have a misconfigured TLS certificate

So we (Stripe) try to send an Event and it fails because we can't negotiate over HTTPS and we stop

my site works fine on that SSL certificate.

yeah but browsers can be extremely permissive with SSL certificates

the Dashboard is supposed to show a clear TLS error though. My team even built this warning because we got that question so often. Can you share a screenshot of what you see right now?

no I meant in the Dashboard for the delivery attempt

https://support.stripe.com/questions/webhooks-how-to-investigate-and-fix-tls-error explains what to do to investigate

damn it, someone must have removed the logic that literally showed a big warning and a link to that support article (╯°□°）╯︵ ┻━┻

you are delivering lots of my other webhooks just fine... it's JUST this one webhook failing

you shared your website in that picture, are you okay with me linking you to that search that shows the problem?

ummm.... sure? but please explain to me how the other webhooks are working fine if my cert is bad

https://www.ssllabs.com/ssltest/analyze.html?d=playct3.com

This is the issue

but please explain to me how the other webhooks are working fine if my cert is bad
I'm not an expert. Maybe you have multiple servers or something in front of your domain that sometimes renders the wrong TLS cert/chain?
That's what I would investigate at least

I do not have multiple servers. it's just one VM.

I reissued my SSL cert (on apr 11) as required, yes... but I did the exact same thing (with the exact same software) as I've done for years and never had any of this problem.

I'm not sure sorry. TLS certs aren't something I debug much. But this ssllabs result is really the issue. Something somewhere in the way you added the cert is missing or expired

Looking at our logs, many Event deliveries are failing not just that one

so I do think you did something with the cert that was incomplete

how am I supposed to know what in that SSL labs response is actually what Stripe is choking on?

ok, I just updated the bundle (should not have been different). that report says A+ now.

and now the webhooks seem to go through.

thank you for highlighting the issue. disappointing that the UI doesn't have that information (as you initially mentioned it should)

for sure, I don't know what happened and I will now go chase that down because damn my team spent months building the right warnings because we got that question so often

we can close this thread now. thank you.