Webhook test returning 500 Error


#1

Testing from

https://app.hubspot.com/developer/5129297/application/183759/webhooks

The Test subscription URL is

https://reports.instituteforsupplymanagement.org/api/hubspot/transaction.json

This works just fine when using the Workflow to create a contact. But every time the webhook is triggered through the app, it fails and gives no useful error information in the logs.


POST https://api.hubspot.com/webhooks/v1/183759/subscriptions/80023/test?portalId=5129297&clienttimeout=14000 HTTP/1.1
Host: api.hubspot.com
Connection: keep-alive
Content-Length: 319
Accept: application/json, text/javascript, /; q=0.01
Origin: https://app.hubspot.com
X-HubSpot-CSRF-hubspotapi: cJNfBQTiov6qET5s_gSKuw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
content-type: application/json
Referer: https://app.hubspot.com/developer/5129297/application/183759/webhooks
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __cfduid=d7e2dd07a285399b8d7eda1a550a7adb71525378272; _ga=GA1.2.697986784.1532445824; hubspotutk=27a616581ae540454d68f04048fe8ea8; prefs=0; hubspotapi-prefs=0; cookieverified=1; __hluid=25c2d8cf-8427-4ab0-b9f8-3ccc79c10cd3; _gcl_au=1.1.1523560021.1537568217; hs-ard=1541782155115; _gid=GA1.2.1948606762.1542035090; __idcontext=eyJjb29raWVJRCI6IklaUkFJU1gzQU01VjdKQkMzRlJSUjZBMkkzVDY0UDdaTFdYMkRaUExZVlZRPT09PSIsImRldmljZUlEIjoiSVpSQUlTVURKSUdITk9SMzJGN1RYWlpLS1BQWldGN1JLVFdPVldHWjZaT0E9PT09IiwiaXYiOiJQTUFZT1ZQUE0zRExJUTdJTElPVFFUN0U0UT09PT09PSIsInYiOjF9; __hssrc=1; hubspotapi-csrf=cJNfBQTiov6qET5s_gSKuw; __cfruid=f8f4775d3c0c014946e09eb8db3704a0a1addb21-1542053869; csrf.app=cJNfBQTiov6qET5s_gSKuw; csrf.api=xhZyMod3pWbthtQDSarxNw; __hstc=20629287.27a616581ae540454d68f04048fe8ea8.1536944611203.1542056994118.1542059440120.40; _hssc=20629287.1.1542059440120; hubspotapi=AJXaV51lkI-mRCiGnnCfMPsFRFtt7m83KjY0dNsky4A8PNCEFz2RwzAIscexeV1SjsSmORjaQUtqAB4IbZVzD2Ds92G6QUEKEJvXzi6hYsuX3WpgBA4TwrAoU1pXbw3xMNtF0ZsWziur1oebtqkV-pnl_CShl7CI1Bem9GPKa8WnaeoCoQyLKqrXbnKKLW3VK1RbcKngLye2d28qO1WEZt6RRR-kWM9G9ERfySrazps8bh5cy1pJrJL-durkJqrC6bNLPscQJqzlh91UBt-fPdT7PWPCovWWdsBJ8fWOCccUrWW92YZijkd3jMjcyhGMMdhQD4deCJjtLs55e0Awz8Mw8AsIbIx6nP3SZPG_pLxfNbSta4Lr_izT42Ounfum6j7yRDMGM1yvipe1fW7fMbHq94hHO32d-Zo_YzXb5SaDFcGC3viHmqMggXVDWngwXpjgO8qfBI-aUFcv7stlo7rXaqcd38xnCqFr7DqAPYtvDVDoqkdhL4-wjZtKgtnd0K6BxcfHT7vU3-tn6z99d3o6eMOLkzcu-uz9sTTa4-eln42whfjxqMnNLwiTl2QGWuaCr07fHpTZin0Mnj_fSShyRG7m9y4H7T01OXsdolF8DnP5PVLiL19-cSydg5s5V1trqSgAqbJIpcsC2pD_t2LNH3McRlFciUuScw59row5-heJHuaekFScd80t1NITol3tyM92fI7c1ARwUctP7dZf2PVTGVWZzlYdoJuOOpZ5FbqQawrdsnxf1Zo1j_uksxvxF1WzYdg; hubspotauth=EfXlZmrwqZ0Z5F8frrPJjeewt3xGZ5amFOeTgnyOVlsPGJ7pK6s9//uBzfu1/5GvmmFC/7ze2VmGbQY/oNgassWCyu0s0F8DB49KaclrfMIR6XS7kgpLbSsO1IN/m7Ulq5PKtOrQntX7XRIz+XGAHToTLVnMbnZO92IefPja+EH2ZfcNIbINNxktgSNWUEWnuMSAtI0f+F2PTDplZYWKeQ==; hubspot.hub.id=5129297

{"samplePayload":{"eventId":1,"subscriptionId":80023,"portalId":5129297,"occurredAt":1542060002079,"subscriptionType":"contact.creation","attemptNumber":0,"objectId":123,"changeSource":"CRM","changeFlag":"NEW","appId":183759},"webhookUrl":"https://reports.instituteforsupplymanagement.org/api/hubspot/transaction.json"}


Response

HTTP/1.1 500 Internal Server Error
Date: Mon, 12 Nov 2018 22:00:28 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 147
Connection: keep-alive
X-Trace: 2B4F0F1EA55997A70B2056C141EF398FAB28A3C20E000000000000000000
Access-Control-Allow-Origin: https://app.hubspot.com
Access-Control-Allow-Methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer
Access-Control-Expose-Headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 604800
Timing-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 478c45856a1a39a6-PHX

{"status":"error","message":"internal error","correlationId":"b8245a82-52b5-49a7-abe1-0a35def1b763","requestId":"21dcd957ca89f45b7704a0eca965f281"}


Webhook Subscription Test 403
#2

I'm getting the same error when using

https://webhook.site/18f8faca-d643-4885-8433-51fed2180fb9

as the end point. It's saying "connection refused"


#3

I realized I had the wrong endpoint in the second test, it works with

https://webhook.site/18f8faca-d643-4885-8433-51fed2180fb9

it also works with

https://pursepoor.com

Both sites use Let's Encrypt for the SSL certs.

However, it doesn't work with

https://reports.instituteforsupplymanagement.org/api/hubspot/transaction

which uses GoDaddy as the issuer of the SSL Cert.

It appears as though the issue is that HubSpot is not properly configured to respect certificates


POST https://api.hubspot.com/webhooks/v1/183759/subscriptions/80023/test?portalId=5129297&clienttimeout=14000 HTTP/1.1
Host: api.hubspot.com
Connection: keep-alive
Content-Length: 263
Accept: application/json, text/javascript, /; q=0.01
Origin: https://app.hubspot.com
X-HubSpot-CSRF-hubspotapi: KUt-MJpRHR8x2qQVWbzhnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
content-type: application/json
Referer: https://app.hubspot.com/developer/5129297/application/183759/webhooks
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: __cfduid=d7e2dd07a285399b8d7eda1a550a7adb71525378272; _ga=GA1.2.697986784.1532445824; hubspotutk=27a616581ae540454d68f04048fe8ea8; prefs=0; hubspotapi-prefs=0; cookieverified=1; __hluid=25c2d8cf-8427-4ab0-b9f8-3ccc79c10cd3; _gcl_au=1.1.1523560021.1537568217; hs-ard=1541782155115; _gid=GA1.2.1948606762.1542035090; __idcontext=eyJjb29raWVJRCI6IklaUkFJU1gzQU01VjdKQkMzRlJSUjZBMkkzVDY0UDdaTFdYMkRaUExZVlZRPT09PSIsImRldmljZUlEIjoiSVpSQUlTVURKSUdITk9SMzJGN1RYWlpLS1BQWldGN1JLVFdPVldHWjZaT0E9PT09IiwiaXYiOiJQTUFZT1ZQUE0zRExJUTdJTElPVFFUN0U0UT09PT09PSIsInYiOjF9; __hstc=20629287.27a616581ae540454d68f04048fe8ea8.1536944611203.1542061373189.1542127076567.42; __hssrc=1; hubspotapi-csrf=KUt-MJpRHR8x2qQVWbzhnA; cfruid=6e6183b018e82e322573f5dfb030e8b9c0804963-1542127084; csrf.app=KUt-MJpRHR8x2qQVWbzhnA; csrf.api=utNB30DFSlJS5RFSsd58ew; hubspotauth=EfXlZmrwqZ0Z5F8frrPJjeewt3xGZ5amFOeTgnyOVlsPGJ7pK6s9//I3QJtu9CcutrvvIEfNZASGbQY/oNgassWCyu0s0F8DB49KaclrfMIR6XS7kgpLbSsO1IN/m7Ulq5PKtOrQntX7XRIz+XGAHToTLVnMbnZO92IefPja+EH2ZfcNIbINNxktgSNWUEWnv4LETUa28iaC1VDO7YZfVQ==; hubspot.hub.id=5129297; hubspotapi=AJXaV52kHJLvZA2oCf7x7cZv9JHa6XPlxGR6wPcKyKsCboSZoPwJb8lhN_hXs9rx2nRwKKqBY8u41KHt8Jkfu_q9BNUHaYjHQWxI1yXSyx1fqmjMdMOHfDhvfuOj1OkEKO_kBbSiZBgesn9zxhQPwmilrKndFxJPJRrEDzHPaMoFfzLENVk531gDGjdQc4g2mUu1NzaFMqhV7yTYpI5v_sgbCfLDxy5ZqJ4gZWN4ee1sY46OaZz_mk6Q7N_55sHxOG8_xI4aJKNoHy9voeoLQLa3Y2c21NGHXFh0svUXHMGybyF8xvkoqQUf-opVM_vNqo--g0ruDpezAGFKZfCGpnoi9_9F25cAIT-r6hid7F4lqATQELRshNtGtMIS1LP7bDAu7-6_z_Fc1js22baKb6O_iDkwhGgzVRs63V170Iyqze8vdzyVOIAnumYZwSyrRktcvx9FLTmFmIdxZRFOq7bWylOmuhQgecguhakATUo4P5pdfdn0yR-PyhlEIs8EhLlAsWWgCVCP96mMfOl-WZhGyT1gCK-HzeJNRD9JwmQlG6gVf9iKnCcpozkCDvm73ISNwhogv0

{"samplePayload":{"eventId":1,"subscriptionId":80023,"portalId":5129297,"occurredAt":1542128530842,"subscriptionType":"contact.creation","attemptNumber":0,"objectId":123,"changeSource":"CRM","changeFlag":"NEW","appId":183759},"webhookUrl":"https://pursepoor.com"}


HTTP/1.1 200 OK
Date: Tue, 13 Nov 2018 17:18:46 GMT
Content-Type: application/json;charset=utf-8
Connection: keep-alive
X-Trace: 2B6EA7101329F9DB105469A7C6379166E6D01AC864000000000000000000
Access-Control-Allow-Origin: https://app.hubspot.com
Access-Control-Allow-Methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer
Access-Control-Expose-Headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 604800
Timing-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4792e6405b4e39d0-PHX
Content-Length: 18

{"statusCode":200}


#4


#5

The issue appears to be that Hubspot does not like the Wildcard SSL certificate. Or doesn't like GoDaddy's Certificate Authority which is less likely.

Setting up a second domain with a single site SSL using Let's Encrypt took care of the issue.


#7

Thanks for this feedback, @bkucenski! I'll make a note and keep an eye out for these types of issues going forward.