2

I am trying to set up webhooks for Stripe. The webhook connects to https://authdomain.subd.com which then forwards the request (after adding a validation token) to http://www.workdomain.com

Both these urls are hosted on the same server.

Payment Intents generated from http://www.workdomain.com successfully go into Stripe.

(Update: I can also query run successful Stripe commands like \Stripe\Charge::all() from authdomain, which verifies that TLS 1.2 supported)

However the webhook returns a TLS error when trying to connect to https://authdomain.subd.com. I have whitelisted Stripe's IP as listed here enter link description here

This process is working fine when I test it locally using a CLI, so I know I don't have to install Stripe on my auth layer project.

But for some reason when I try this on my live server it doesn't work on my live server.

Is there any reason this is happening?

Thanks for the help

Improve this question

1 Answer 1

Reset to default
3

This can be caused by any number of things, but the most common is an incomplete certificate chain. I'd recommend using Qualys' SSL Labs tool to check your server's TLS configuration. For example, to check the domain you shared:

https://www.ssllabs.com/ssltest/analyze.html?d=https://authdomain.subd.com&hideResults=on

If any of the intermediate chain certificates are marked as "missing" in this report, it can cause Stripe to refuse to connect to your webhook (as Stripe can't tie your TLS certificate back to a known global CA). Usually the fix is to download any missing certificates (the tool tells you which one) and add them to your production TLS configuration / bundle. You may need the help of your hosting company to configure this.

To test your repair, re-run the SSL Labs check after deploying the new certificate bundle and see if it's now resolved. Beyond that, if the problems persist I'd recommend writing Stripe support!

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks. I'm getting a 'Chain Issues: Incomplete' right now. Checking if there are intermediate certs missing
After fixing the SSL certificates this issue was resolved. Thanks.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.