|
William P Riley
|
April 3, 2015 at 5:59 pm
I’ve been running EE3 for more than a year without issue. About 10 days ago, PayPal IPNs started failing. See sample entries from paypal.ipn_results.log (these are from the same event):
March 23rd payment that worked:
redacted – Event Espresso support team – LOC
The puzzling error line is:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed[04/03/2015 5:20 PM]
Note that this is NOT a secure domain (no SSL certificate installed). Should EE3 be checking for a valid SSL certificate? If it shouldn’t, what’s making EE3 think this is a secure domain? I queried my hosting technical support who tells me there’s been no system updates in the last six weeks.
I tried the minimal template but got the same issue.
Thanks for your help.
|
|
Lorenzo Orlando Caum
|
April 3, 2015 at 6:37 pm
Hi there, could you take a look at this solution?
https://eventespresso.com/topic/cant-see-force-https-on-return-url-setting/#post-70897
—
Lorenzo
|
|
William P Riley
|
April 3, 2015 at 9:16 pm
Lorenzo, I did the following:
1) Downloaded cacert.pem from your provided post link and uploaded it to /www/conf/ on my server.
2) Added the following to php.ini:
curl.cainfo=/www/conf/cacert.pem
3) Restarted Apache
I still have the problem. Here’s the IPN log file error:
Errors resulting from the execution of curl transfer: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed[04/03/2015 9:04 PM] – FAIL: IPN Validation Failed . /cgi-bin/webscr : http://www.paypal.com
IPN POST Vars from gateway:
mc_gross=0.30, protection_eligibility=Ineligible, item_number1=, tax=0.00, payer_id=L8MYPHSVWVV4Q, payment_date=20:04:06 Apr 03, 2015 PDT, payment_status=Completed, charset=windows-1252, mc_tax1=0.00, mc_shipping=0.00, mc_handling=0.00, first_name=William P, mc_fee=0.30, notify_version=3.8, custom=, payer_status=verified, business=executivedirector@elpasocountybar.org, num_cart_items=1, mc_handling1=0.00, verify_sign=AHwMiLGRIf3Mua.KaiPDYShp2o6XAkm0fmuhKTMz9Yn5nlLCdG6v9yIx, payer_email=patriley@ezinger.com, mc_shipping1=0.00, tax1=0.00, txn_id=3DM90981J4097034J, payment_type=instant, payer_business_name=Digital Personalities, last_name=Riley, item_name1=General Admission for Bench & Bar Luncheon Attendee: Billy Riley, receiver_email=executivedirector@elpasocountybar.org, payment_fee=0.30, quantity1=1, receiver_id=RNPP758RUEW6C, txn_type=cart, mc_gross_1=0.30, mc_currency=USD, residence_country=US, transaction_subject=, payment_gross=0.30, ipn_track_id=c0d6609b29be2,
IPN Response from gateway Server:
Did I do the above correctly?
Alternatively, is there a code hack I can add to bypass this SSL check (worthless as this is not a secure domain)?
Thanks.
|
|
William P Riley
|
April 3, 2015 at 9:21 pm
PS – My PayPal IPN settings:
Notification URL http://www.elpasocountybar.org/transactions/
Message delivery Enabled
|
|
William P Riley
|
April 3, 2015 at 9:24 pm
Also, this was working up to about 10 days ago in the same event. I’ve not changed any settings. Is there a reason this once worked without a cacert.pem file installed?
|
|
Tony
|
April 6, 2015 at 6:31 am
The CA file is used to verify the host (PayPal) cert can be trusted not your own so the CA file is needed as the IPN is verified over HTTPS.
The same error is being thrown:
Errors resulting from the execution of curl transfer: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed[04/03/2015 9:04 PM]
Which usually means the CA file can not be found, or is outdate and does not include the HOST CA record.
What kind of hosting are you using?
|
|
William P Riley
|
April 6, 2015 at 3:54 pm
Tony, thanks. I found this “fix” which which works fine for me as this is not an SSL site:
add:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
to Paypal.php:
…/wp-content/plugins/event-espresso/gateways/paypal/Paypal.php
line before calling curl_exec statement (currently before line 107)
I hope this may be useful to others.
|
|
Josh
|
April 6, 2015 at 4:24 pm
Hi William,
That’s a less secure way of handling things, but does work.
|
