[email protected] Posted August 23, 2020 Share Posted August 23, 2020 Hi all, I'm wondering if someone can point me in the right direction here. We've setup our CubeCart shop and all seems to be going well - until we actually tried to purchase something. We've installed the Paypal ecommerce module, linked it to our paypal account and that all went well. I then go on to the website, add a product to cart, then view cart and check out using paypal. The program has me logon to paypal ok - then returns me to the payment screen, I tick the agree to terms * conditions box, then pay. I then am returned to the program with: Many thanks for your order! The order status is currently pending but it will automatically update to processing once payment is confirmed. Normally this is automated and will happen within the hour but please do contact us if you require more information. So for all intents and purposes, it has worked - however, no money ever comes out of my paypal account, nor does it go into the seller paypal account. The purchase shows up in the store 'dashboard' and I thought perhaps I have to change it from pending to processing to order complete - but nothing (as in money transfer) happens. I've not changed any of the default settings - so what could be wrong please? I've gone and disassociated the account and removed and reinstalled the extension - cleared cache, but nothing seems to work. We are using the very latest version of Cubecart, the default foundation skin and the latest paypal commerce extension. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 When you login to the seller account can you see the transaction at all? If so you may need to accept it and then choose to always automatically. Thee could also be a hosting compatibility issue. Have a look at your request log for errors. Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 thanks for the reply Al. No, there is nothing in the buyer or seller account. No activity what-so-ever ? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 What do the request logs show? Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 lots of stuff !! The RED errors are: Error: cURL Error (22): NSS: client certificate not found (nickname not specified) Response received (422 - Unprocessable Entity) i found your other thread about the Curl error. I've updated our server to OpenSSL 1.1.1 - which is the latest. Tried again, but still get this error in the log: Request Sent (cURL) - https://api.paypal.com/v1/identity/generate-token Error:cURL Error (22): NSS: client certificate not found (nickname not specified) Response received (400 - Bad Request) so, the response has changed from 422 to 400. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 Plesk hosting? Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 no, it is virtualmin - but I have root access to the server. we run prestashop on another of our sites with paypal check out and that works fine though? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 PayPal Checkout isn't PayPal Commerce. Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 hmm, ok. So how can I fix this please Al ? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 It's something to do with the cURL openSSL configuration. I believe it's failing to validate the SSL certificate at the PayPal Endpoint. An experienced server admin should be able to resolve this. I don't believe there are any issues with our integration. Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 hmm, that's not good Is there another paypal extension we can try with Cubecart please? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 Just the old PayPal Standard integration. Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 thanks Al. Just tested that and it worked perfectly first time. I guess I'll have to fix the curl issue !! 1 Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 I haven't found much in the way of solutions to this. https://stackoverflow.com/questions/15773806/nss-client-certificate-not-found-nickname-not-specified This has come up a few times recently. It maybe that we can code it to check the certificate by adding a local path but I'm unsure at this time. Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 ok, yes, that would be good. I have found this test (to do from the server root command line) openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts | egrep -wi "G5|return" I get an error: depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA verify error:num=20:unable to get local issuer certificate Verify return code: 20 (unable to get local issuer certificate) so, once that is fixed, I'm assuming I can revert to the other extension. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 That does seem to verify what I am saying. Try it with this endpoint which is the one used for PayPal Commerce API endpoint. api.paypal.com This matches the endpoint in your request log above. 7 minutes ago, [email protected] said: so, once that is fixed, I'm assuming I can revert to the other extension. Yes. I expect local issuer certificates can be imported to your server. Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 same error with that URL too. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 23, 2020 Share Posted August 23, 2020 Maybe digicert has resources for this. Their local certificate files must be public. Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 23, 2020 Author Share Posted August 23, 2020 running this works fine: openssl s_client -CApath /etc/ssl/certs/ -connect paypal.com:443 is there anyway I can change the paypal commerce extension to reflect that URL? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 24, 2020 Share Posted August 24, 2020 21 hours ago, [email protected] said: running this works fine: openssl s_client -CApath /etc/ssl/certs/ -connect paypal.com:443 is there anyway I can change the paypal commerce extension to reflect that URL? Interesting. Is it possible to tweak the openssl config to specify that default path rather than specifying it as an argument? https://security.stackexchange.com/questions/142159/how-to-get-openssl-to-use-a-cert-without-specifying-it-via-cafile https://www.phildev.net/ssl/opensslconf.html Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 24, 2020 Author Share Posted August 24, 2020 maybe, I'll look into it - thanks Al. 1 Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted August 24, 2020 Share Posted August 24, 2020 It looks like you may be able to specify this in the php.ini file. https://www.php.net/manual/en/openssl.configuration.php openssl.capath = /etc/ssl/certs Or it may be possible to add a file to the root folder of your store called ini-custom.inc.php with content; <?php ini_set('openssl.capath','/etc/ssl/certs'); Quote Link to comment Share on other sites More sharing options...
[email protected] Posted August 24, 2020 Author Share Posted August 24, 2020 thanks -I'll give that a try Quote Link to comment Share on other sites More sharing options...
harrisorganic Posted June 2, 2021 Share Posted June 2, 2021 Hi Steve, Did the change to php.ini fix your issue? Quote Link to comment Share on other sites More sharing options...
Christopher Short Posted June 9, 2021 Share Posted June 9, 2021 (edited) Al , sent you a PM about a paypal error I am seeing. Edited June 9, 2021 by Christopher Short Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.