APIs & Integrations

fonji
Contributor

Webhooks to https fails without details

EDIT - a summary for the future reader. Original post below.

This applies when you get the message Something's not quite right. Are you sure this is the correct URL? while testing the webhooks API from the developers panel, get nothing in your application logs but can make it work using cURL.
It is probably an SSL issue.

In our case, we used to have a certificate delivered by StartSSL.
As of October 2016, those certificate are not to be trusted, so Hubspot rightfully don’t support them.

A good, trusted, and free alternative is Let’s Encrypt.
As of the 26th of October, Hubspot supports these certificate.


Hello!

I can’t seem to make the webhooks send messages to my server via https.
It works with http, but that request won’t be managed in my case, as all http requests get redirected to the homepage with https.
So it shouldn’t be a DNS issue, nor an IPTables filter.
It works with a service like ngrok, and https queries are routed correctly (in this case, to my local machine).

But it doesn’t work with the url to my server. I suspect an SSL issue, but no browser gives any SSL error message.
The application logs on my server are silent (error and access).
So it doesn’t even reach the web server level.
If I use the test tool in the edit modal of a subscription, I get Something's not quite right. Are you sure this is the correct URL?

Can someone from hubspot acknowledge if it’s an SSL issue or not? And if it is, what’s wrong?
I don’t want to leave the URL here but I’ll be happy to send it privately.

PS: here’s a link to a similar issue

24 Replies 24
Not applicable

Webhooks to https fails without details

I’m also have the same issue. If I use https:// the webhook fails, if I use http:// I get a success.

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

Do you see anything in your server logs?
Have you tried using a Let’s Encrypt certificate to see if it works?

0 Upvotes
Not applicable

Webhooks to https fails without details

I figured out part of the issue, I wasn’t expecting a json array but a single object. In addition, when I try to test my https:// url I still get the same error, but it seems to be working even though the test fails. I’m using a Geotrust cert if that helps.

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

Thanks! I’ll try to find some time today to test that and I’ll let you know ASAP.

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

@dadams we can’t make our CDN work with this certificate (more on that below for the interested).
We would really appreciate that you add support for Let’s Encrypt certificates ASAP.

They have a huge support from big players including mozilla, CISCO, the EFF, facebook, OVH, google chrome and HP.

About our problem with our CDN:
The certificate we generated with comodo uses EC instead of RSA and that is not supported by Amazon AWS’s CDN (cloudfront).

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Webhooks to https fails without details

It’s very likely that we will support Letsencrypt, if we don’t currently. I’m working with our platform team now to determine the status of that, or the timing if it’s not currently supported.

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

Thanks for your quick response @dadams!

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Webhooks to https fails without details

I just got confirmation that we should support Let’s Encrypt certificates. Would you be able to switch back to that certificate, and let me know if you’re still having issues with the webhook test?

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

@dadams it didn’t work :frowning:

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Webhooks to https fails without details

@fonji are you still testing with the same URL as before? Testing that URL now shows success, and it doesn’t show a Let’s Encrypt/IdenTrust certificate.

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

@dadams any progress has been made? It’s been almost two weeks since your last answer!

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Webhooks to https fails without details

We’re planning on support Let’s Encrypt, but it’s being rolled out manually to our services, so it’s possible that webhooks don’t support this yet. I’m verifying this with our platform team, but there’s not a set ETA for when webhooks will support this yet.

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Webhooks to https fails without details

@fonji We just deployed a new version of the webhooks system that should support Let’s Encrypt certificates. Can you switch back to that certificate and try this again?

fonji
Contributor

Webhooks to https fails without details

@dadams it works! :tada: :champagne:
Thank you for the follow up.

I’ll edit the first message of this thread to give more information to future readers.

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

@dadams it still doesn’t work with Let’s Encrypt!

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

@dadams Yes I am using the same URL. I just changed the certificate and rolled back to the working one after my tests. So people here can test the integration. That’s why you don’t see the Let’s Encrypt certificate.
I’m not leaving an incompatible certificate for hours.

Here’s a detail of what I did, just to be clear:

  • Changed the conf to use the certificate from let’s encrypt
  • Restarted the server
  • Checked using my browser that the correct certificate (from let’s encrypt) was indeed loaded and deployed
  • Clicked “test” in the webhooks subscriptions interface
  • Got a “something’s not quite right. Are you sure it’s the correct URL” message, which is the one I get with an incompatible certificate (became sad)
  • Rolled back the server configuration to restore the working certificate
  • Restarted the server
  • Browser check
  • Clicked test
  • Got a success
  • Came here to report
0 Upvotes
pifleo
Member

Webhooks to https fails without details

We tried many SSL providers and the url seem to work with a Comodo free certificate valid for 90 days ( https://ssl.comodo.com/free-ssl-certificate.php ), we saw the Success message on Hubspot interface, but with all the tests we did today our staging server is broken and can’t display some assets with our new SSL configuration and AWS Cloudfront. I’m on it.

Again this is a temporary solution before buying a real certificate. We wanted to confirm it is going to work with this provider.

From the previous link I would have assumed the webhooks can work with Letsencrypt certificates can you confirm this ? That would be a good solution for us and many people.

0 Upvotes
pifleo
Member

Webhooks to https fails without details

Answer from Hubspot:

Apologies for delay with this, our product manager has been discussing this issue with developers.

They have found that the issue lies with your CA StartCom, which is not listed as one of our trusted CAs.
We would add it but it seems that we are weary doing so based on security concerns raised in places such as https://news.ycombinator.com/item?id=12582534.
This is not to say that StartCom will not become a trusted CA but for the moment we are hesitant to add it.
Would changing your CA be an option at this point.

Kind regards,

Brian

StartSSL CA provider is not trusted and webhooks are not forwarded

WoSign and StartCom

WoSign and StartCom This document contains additional information, and Mozilla’s proposed conclusion for community discussion, regarding the matter of WoSign and StartCom. For some weeks now, Mozilla has been investigating a list of potential...

So,
We also tried Let’s encrypt this morning. It’s not working either, despite being trusted by Mozilla.

Any advice on working CA certs with which level of validation ?

0 Upvotes
fonji
Contributor

Webhooks to https fails without details

Any advice on working CA certs with which level of validation ?

@dadams any idea?

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Webhooks to https fails without details

@fonji @pifleo are you still testing the same URL that you were previously having problems with? We just tested this again this afternoon and the test is showing success at this point.

0 Upvotes