|
Samantha Clarke
|
June 12, 2015 at 7:58 am
Hello,
I am currently using Event Espresso 3 to create class events and have student enroll. The problem comes in when we attempt to process any payments for classes. The customer is taken to PayPal without a problem and they are able to check out, but upon returning my site the client is seeing that their registration is saying incomplete and is automatically being taken right back to PayPal to pay again. They have been receiving payment confirmations from PayPal but the registration process seems to end there. When I look in the back end I can see the users that have registered being marked as incomplete. Can someone please help me try and figure out what is causing this problem.
Thanks,
|
|
Tony
|
June 12, 2015 at 8:08 am
Hi Kevin,
Which version number of Event Espresso 3 are you using currently?
|
|
Samantha Clarke
|
June 12, 2015 at 8:14 am
Tony,
I am currently using Version 3.1.37.4.P on WordPress Version 4.2.2
|
|
Tony
|
June 12, 2015 at 8:25 am
Have IPN’s been set up on your PayPal account?
If you follow the steps here:
https://eventespresso.com/wiki/how-to-set-up-paypal-ipn/
You can see if both IPNs and Auto Return has been enabled.
|
|
Samantha Clarke
|
June 12, 2015 at 8:33 am
Tony,
Yes they are both active. I have double checked this morning.
|
|
Tony
|
June 12, 2015 at 8:39 am
If you edit one of the registrations, does it show any amount paid? – http://take.ms/BHvEO
Do you have FTP access to the server?
|
|
Samantha Clarke
|
June 12, 2015 at 8:49 am
Tony,
The amount paid is show as $0 and yes I can access the server.
|
|
Tony
|
June 12, 2015 at 8:53 am
Using FTP go to /wp-content/uploads/espresso/logs/
Within there you will find a paypal.ipn_results.log file.
Can you check if any errors are being thrown in there when validating the IPN. If you are unsure, please send a copy to support[at]eventespresso.com and we can take a look.
|
|
Samantha Clarke
|
June 12, 2015 at 9:12 am
Errors resulting from the execution of curl transfer: SSL certificate problem: unable to get local issuer certificate[06/11/2015 11:46 AM] – FAIL: IPN Validation Failed . /cgi-bin/webscr : http://www.paypal.com
|
|
Tony
|
June 12, 2015 at 9:41 am
Either the server has no root CA file, the one it has is out of date or is using a self signed certificate.
I recommend contacting your host and have them investigate this. Its likely they need to install a root CA file on the server.
|
|
Samantha Clarke
|
June 12, 2015 at 12:01 pm
I was in contact with those running the server. Is it possible for you to hand us a guide that works with event espresso for the installation of the root CA file. The server that the site is on is a Windows 2008 R2 Server. Installing it would be no problem.
|
|
Tony
|
June 15, 2015 at 3:44 am
The error isn’t actually being thrown by Event Espresso, it is being thrown by cURL because its trying to connect via HTTPS and can not. As long as your CA files are installed this should work without a problem, you do not need any other specific settings for Event Espresso to work.
We recommend using Linux based hosting with Event Espresso as that is what it is developed and tested on, unfortunately I don’t have any experience setting up Windows servers. I did a search and found these for more info:
https://www.digicert.com/ssl.htm
https://www.digicert.com/ssl-certificate-installation.htm
https://technet.microsoft.com/en-us/library/cc731183.aspx
And this seems to provide instructions that will update the CA files:
http://serverfault.com/questions/541922/where-to-get-root-ca-certificates-for-windows-server-now-that-microsoft-no-longe
However I am unsure if this will be the same for your server set up.
Generally your host should have experience setting this up on their servers.
|
|
Samantha Clarke
|
June 16, 2015 at 9:51 am
We loaded the CA for the public cert into the seller preferences of PayPal -> Encrypted payment Settings -> Certificates
Downloaded the Paypal API cert from same area and loaded into webserver.
We made progress in the fact that when we are returned to our site we see that the payment was accepted but when I went to check the back end the system still shows the attendee as unpaid with the payment total being $0.
|
|
Tony
|
June 16, 2015 at 9:57 am
If you recheck the same PayPal IPN log file from above now, what do you see for the latest registration?
|
|
Samantha Clarke
|
June 16, 2015 at 10:35 am
Errors resulting from the execution of curl transfer: SSL certificate problem: unable to get local issuer certificate[06/16/2015 9:38 AM] – FAIL: IPN Validation Failed . /cgi-bin/webscr : http://www.paypal.com
|
|
Tony
|
June 16, 2015 at 1:00 pm
The certificates available through your PayPal account are not the correct files. So the same error is being thrown as the CA files still don’t exist.
Try following this:
https://snippets.webaware.com.au/howto/stop-turning-off-curlopt_ssl_verifypeer-and-fix-your-php-config/
Or
http://www.swiftsoftwaregroup.com/configuring-phpcurl-root-certificates-windows-server/
Which allows you to download the files and shows you how to set up the server to use them.
|
|
Tony
|
June 16, 2015 at 1:28 pm
To explain a little, the CA files are used to verify who signed the certificate that is being used within the request.
So right now cURL is attempting to connect to PayPal over HTTPS. During the handshake it will check the certificate has been signed by a known trusted Certificate Authority (CA) to do this it needs a list of those and their public keys to verify.
In a nut shell its to check that I’m not signing a cert stating I am someone I am not and attempting to process the request. (little more to it than that but that’s the general idea)
So cURL is trying to verify the connection, but doesn’t have that list of known good CA’s to compare against, so is refusing the connection because it can’t be sure its safe. Make sense?
Both of the guide above provide links to download these files which contain the list. These need to placed on your server and then PHP told where they are located, which should then allow the connection to work.
|
|
Samantha Clarke
|
June 17, 2015 at 4:46 pm
Tony:
We run a windows IIS 7.5 host with several website sites
all have one-to-one IP bindings – none are shared or host-headered
We’re running the latest version of WordPress on the site we are using Event Expresso.
PHP 5.3 is installed
We’ve followed the link you sent, downloaded/created the cert bundle as outlined in them
https://snippets.webaware.com.au/howto/stop-turning-off-curlopt_ssl_verifypeer-and-fix-your-php-config/
http://www.swiftsoftwaregroup.com/configuring-phpcurl-root-certificates-windows-server/
Created path in PHP.ini (below), and restarted web services
;;;;;;;;;;;;;;;;;;;
; CURL Settings ;
;;;;;;;;;;;;;;;;;;;
curl.cainfo = “C:\Program Files (x86)\PHP\v5.3\curl-ca-bundle.crt”
still receive same error – no change
I did notice through other posts there is also a reference to having a ssl path in the site using the connection as opposed to centrally located on the server – I.E. /SSL/cert.pem
Is there a support upgrade to get more personalized assistance for this last issue – our client is up and running and taking registrations which are clearing Paypal just not posting back which makes the management portion useless.
Is there a way to temporarily turn off the SSL verify to prove it is working otherwise and this is only issue we have?
I notice there is a reference to both .crt and .pem depending on which post we review when trying to troubleshoot – which is required?
|
|
Tony
|
June 18, 2015 at 5:33 am
I notice there is a reference to both .crt and .pem depending on which post we review when trying to troubleshoot – which is required?
They are essentially the same thing in different formats. Either should work, although try both.
I did notice through other posts there is also a reference to having a
ssl path in the site using the connection as opposed to centrally located on the server – I.E. /SSL/cert.pem
You can set this up on a per site basis if you prefer, however the files will be the same for each site that requires this, so you could end up setting up the same thing multiple times.
Is there a way to temporarily turn off the SSL verify to prove it is working otherwise and this is only issue we have?
Yes but it is highly discouraged, it leaves the connection wide open for man-in-middle attacks as no verification is taking place.
Within \event-espresso\gateways\paypal\Paypal.php add:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Somewhere before line 109, personally I would use something link this:
$error["set_verifypeer"] = curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Around line 88 – http://take.ms/XRy9V
Is there a support upgrade to get more personalized assistance for this last issue – our client is up and running and taking registrations which are clearing Paypal just not posting back which makes the management portion useless.
We provide priority support for Event Espresso using our priority support tokens however, this isn’t an issue with Event Espresso itself, it is due to the server setup.
We would usually expect your hosting company to know how to set this up on their servers, or on Linux based hosting there is usually no problem doing the above. As mentioned I do not have any experience setting up Windows based server, I will check with the other members of the team (currently offline due to time differences so may take a little).
|
|
Samantha Clarke
|
June 18, 2015 at 7:48 am
Tony
thank you for your responses, much appreciated.
I agree, we do not want to run with the VERIFY disabled, just want to be sure we have a working element outside this issue, and we do. I disabled per your instructions this morning and it did work exactly as expected as far as post back goes.
I re-enabled the VERIFY so we are back to where we left off. Going to try using a relative path within PHP.ini for IIS, see if that makes a difference in outcome. will update
On one other note – when a user is transferred over to Paypal and completes the payment I noticed it does not auto-return the user back to the site they must click a link to return – any way to force and auto-return back to the site and not have to rely on them clicking on a link?
|
|
Tony
|
June 18, 2015 at 10:40 am
On one other note – when a user is transferred over to Paypal and completes the payment I noticed it does not auto-return the user back to the site they must click a link to return – any way to force and auto-return back to the site and not have to rely on them clicking on a link?
Auto Return is enabled through your PayPal account. Check the instructions here:
https://eventespresso.com/wiki/paypal-standard-payment-gateway/#setup
They are for EE4, however if you scroll down slightly you will find a section for Auto Return and IPN. Those are the same for both EE3 and EE4.
|
