EDIT - a summary for the future reader. Original post below.
This applies when you get the message Something's not quite right. Are you sure this is the correct URL? while testing the webhooks API from the developers panel, get nothing in your application logs but can make it work using cURL.
It is probably an SSL issue.
In our case, we used to have a certificate delivered by StartSSL.
As of October 2016, those certificate are not to be trusted, so Hubspot rightfully don’t support them.
A good, trusted, and free alternative is Let’s Encrypt.
As of the 26th of October, Hubspot supports these certificate.
Hello!
I can’t seem to make the webhooks send messages to my server via https.
It works with http, but that request won’t be managed in my case, as all http requests get redirected to the homepage with https.
So it shouldn’t be a DNS issue, nor an IPTables filter.
It works with a service like ngrok, and https queries are routed correctly (in this case, to my local machine).
But it doesn’t work with the url to my server. I suspect an SSL issue, but no browser gives any SSL error message.
The application logs on my server are silent (error and access).
So it doesn’t even reach the web server level.
If I use the test tool in the edit modal of a subscription, I get Something's not quite right. Are you sure this is the correct URL?
Can someone from hubspot acknowledge if it’s an SSL issue or not? And if it is, what’s wrong?
I don’t want to leave the URL here but I’ll be happy to send it privately.
I figured out part of the issue, I wasn’t expecting a json array but a single object. In addition, when I try to test my https:// url I still get the same error, but it seems to be working even though the test fails. I’m using a Geotrust cert if that helps.
@dadams we can’t make our CDN work with this certificate (more on that below for the interested).
We would really appreciate that you add support for Let’s Encrypt certificates ASAP.
They have a huge support from big players including mozilla, CISCO, the EFF, facebook, OVH, google chrome and HP.
About our problem with our CDN:
The certificate we generated with comodo uses EC instead of RSA and that is not supported by Amazon AWS’s CDN (cloudfront).
It’s very likely that we will support Letsencrypt, if we don’t currently. I’m working with our platform team now to determine the status of that, or the timing if it’s not currently supported.
I just got confirmation that we should support Let’s Encrypt certificates. Would you be able to switch back to that certificate, and let me know if you’re still having issues with the webhook test?
@fonji are you still testing with the same URL as before? Testing that URL now shows success, and it doesn’t show a Let’s Encrypt/IdenTrust certificate.
We’re planning on support Let’s Encrypt, but it’s being rolled out manually to our services, so it’s possible that webhooks don’t support this yet. I’m verifying this with our platform team, but there’s not a set ETA for when webhooks will support this yet.
@fonji We just deployed a new version of the webhooks system that should support Let’s Encrypt certificates. Can you switch back to that certificate and try this again?
@dadams Yes I am using the same URL. I just changed the certificate and rolled back to the working one after my tests. So people here can test the integration. That’s why you don’t see the Let’s Encrypt certificate.
I’m not leaving an incompatible certificate for hours.
Here’s a detail of what I did, just to be clear:
Changed the conf to use the certificate from let’s encrypt
Restarted the server
Checked using my browser that the correct certificate (from let’s encrypt) was indeed loaded and deployed
Clicked “test” in the webhooks subscriptions interface
Got a “something’s not quite right. Are you sure it’s the correct URL” message, which is the one I get with an incompatible certificate (became sad)
Rolled back the server configuration to restore the working certificate
We tried many SSL providers and the url seem to work with a Comodo free certificate valid for 90 days ( https://ssl.comodo.com/free-ssl-certificate.php ), we saw the Success message on Hubspot interface, but with all the tests we did today our staging server is broken and can’t display some assets with our new SSL configuration and AWS Cloudfront. I’m on it.
Again this is a temporary solution before buying a real certificate. We wanted to confirm it is going to work with this provider.
From the previous link I would have assumed the webhooks can work with Letsencrypt certificates can you confirm this ? That would be a good solution for us and many people.
Apologies for delay with this, our product manager has been discussing this issue with developers.
They have found that the issue lies with your CA StartCom, which is not listed as one of our trusted CAs.
We would add it but it seems that we are weary doing so based on security concerns raised in places such as https://news.ycombinator.com/item?id=12582534.
This is not to say that StartCom will not become a trusted CA but for the moment we are hesitant to add it.
Would changing your CA be an option at this point.
Kind regards,
Brian
StartSSL CA provider is not trusted and webhooks are not forwarded
WoSign and StartCom This document contains additional information, and Mozilla’s proposed conclusion for community discussion, regarding the matter of WoSign and StartCom. For some weeks now, Mozilla has been investigating a list of potential...
So,
We also tried Let’s encrypt this morning. It’s not working either, despite being trusted by Mozilla.
Any advice on working CA certs with which level of validation ?
@fonji@pifleo are you still testing the same URL that you were previously having problems with? We just tested this again this afternoon and the test is showing success at this point.