SOLVED autossl certs - not verifying for external sites, but fine in browser?

morrow95

Well-Known Member
I went ahead and enabled AutoSSL a week or so ago. Everything has pretty much worked without problems until recently. I use curl to 'talk' with an order processor we use on our sites... things like receiving order info or sending info to them and whatnot, which allows us to automate tasks on both sides of things when an order is processed through scripts, such as doing database work. Upon changing over to SSL I found that these automated scripts using the order processor's API were failing, but not all the time - it seemed random at first until I realized what was happening.

The error being thrown was this:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

I spent the better part of two days going over things, trying things, and so on to figure out why this was happening. In the end I was confident this was not something on our side of things. Working with the order processor we were able to find the cause of the issue. The scripts were failing because OUR SSL cert wasn't verifying properly for THEM. I didn't get any full details other than that, but I assume it had something to do with curl, so probably CURLOPT_SSL_VERIFYHOST => 2, CURLOPT_SSL_VERIFYPEER => 1 or something similar.

My question is... why are the AutoSSL certs failing their verification? The certs show perfectly fine in all browsers with no errors, so why would this happen with our order processor?

Is this because they are DV certs or is there some other underlying reason for this? In the meantime our order processor has essentially 'whitelisted' us so the cert verification is bypassed and our API scripts work with SSL/HTTPS, but I would really like to try and figure this out more.

Has anyone else experienced anything like this with their AutoSSL certs or have any hints as to why it is not validating for them? Could it be they just need to update their cert authority bundles or...?
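
One check worth running against the "timestamp check failed" error quoted above, added here as an example that is not part of the original post: it assumes the message refers to the certificate's validity period as judged by the verifier's clock, and shows the same certificate passing or failing depending only on that clock. The certificate, its CN and the helper names `make_cert` and `verify_at` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): validate one certificate as seen by
# verifiers whose clocks differ. Requires the openssl command-line tool.
set -u

# make_cert DIR: create a constructed self-signed certificate, valid for
# 90 days starting now. The CN is a placeholder, not a real site.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=shop.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# verify_at CERT EPOCH: validate CERT the way a verifier whose clock reads
# EPOCH (seconds since 1970) would. The certificate is self-signed, so it is
# passed as its own trust anchor; for a CA-issued certificate, pass the
# issuer bundle to -CAfile instead.
# Prints one of: ok, not-yet-valid, expired, other.
verify_at() {
    out=$(openssl verify -attime "$2" -CAfile "$1" "$1" 2>&1) || true
    case "$out" in
        *"not yet valid"*) echo "not-yet-valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "ok" ;;
        *)                 echo "other" ;;
    esac
}

# Demonstration on a freshly issued certificate.
tmp=$(mktemp -d)
make_cert "$tmp"
now=$(date +%s)
echo "verifier clock correct:       $(verify_at "$tmp/cert.pem" "$now")"
echo "verifier clock 1 hour behind: $(verify_at "$tmp/cert.pem" "$((now - 3600))")"
echo "verifier clock 100 days on:   $(verify_at "$tmp/cert.pem" "$((now + 100 * 86400))")"
rm -rf "$tmp"
```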
 

cPanelMichael

Administrator
Staff member
> My question is... why are the AutoSSL certs failing their verification? The certs show perfectly fine in all browsers with no errors, so why would this happen with our order processor?
>
> Is this because they are DV certs or is there some other underlying reason for this? In the meantime our order processor has essentially 'whitelisted' us so the cert verification is bypassed and our API scripts work with SSL/HTTPS, but I would really like to try and figure this out more.

Hello,

It's possible that specific company does not accept domain-validated SSL certificates; however, there's no way to know for sure without receiving confirmation from their administration team. I recommend reaching out to them again to have them review one of the certificates and determine why it fails to meet their qualifications.

Thank you.