problem with webhooks after SSL renewal

[Christian Malpeli]

I recently renewed by SSL certificate, and since then webhooks are failing.

I replicated a webhook via curl and received the following message:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"

 of Certificate Authority (CA) public keys (CA certs). If the default

 bundle file isn't adequate, you can specify an alternate file

 using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

 the bundle, the certificate verification probably failed due to a

 problem with the certificate (it might be expired, or the name might

 not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

 the -k (or --insecure) option.

If I run the curl w/ -k option it works fine.

I have verified my SSL is installed properly (https://www.sslshopper.com/ssl-checker.html) reporting everything is fine.  Any thoughts as to what could be going on?

[Matthew Arkin]

Without being able to test your url directly I can't really say whats happening, but my initial guess is either an incomplete certificate chain or that your certificate is no longer using a secure cipher set (both of these are the two main cases I've seen).

https://www.ssllabs.com/ssltest/analyze.html tends to do a very extensive test and provides good insight into possible issues.

--
You received this message because you are subscribed to the Google Groups "Stripe API Discussion" group.
To post to this group, send email to api-d...@lists.stripe.com.
Visit this group at http://groups.google.com/a/lists.stripe.com/group/api-discuss/.

To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss...@lists.stripe.com.