I need your help. All of our clients are reporting the error "TLS certificate validation failed: error 72787" when they try to connect to their store. The same error was reported on January 19th, 2023, and we tried to fix it for a few hours, but suddenly it started working again, so we believe the cause of this error is not our responsibility; there's something wrong with the Shopify API. We would like to know what is happening and how we can prevent this case.
Thanks.
This is an accepted solution.
Hi @OrlandoMicrosip, maybe this helps... We recently hit an issue due to using an older OpenSSL version (1.0.2k) with a Shopify REST API client. The new Let's Encrypt cert chain used by Shopify as of 2/13 is incompatible with older OpenSSL versions. We used workaround #1 here and that solved the issue:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
@ShopifyDevSup, FYI, not sure if this is intentional, but the Shopify API gateways are still returning the "old" Cloudflare chain for TLS client hellos that don't include an SNI block. This threw us for a loop while debugging, as some older tools don't include SNI in certain cases.
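The SNI-dependent chain described in the accepted answer can be checked from the affected client host. The script below is an added example, not part of the thread or of any Shopify tooling: it assumes the `openssl` CLI is on the PATH, its function names are made up for illustration, and the sample capture uses constructed placeholder names. Pass the store hostname as the first argument.

```shell
#!/bin/sh
# Added example: compare the chain a server presents with and without SNI.

# Print the issuer ("i:") of every entry in the "Certificate chain" block of
# `openssl s_client` output read from stdin.
chain_issuers() {
    sed -n '/^Certificate chain/,/^---$/s/^ *i:\(.*\)$/\1/p'
}

# Capture s_client output for HOST:443. MODE is "sni" or "nosni".
fetch_chain() {
    host=$1; mode=$2
    if [ "$mode" = sni ]; then
        set -- -servername "$host"
    elif openssl s_client -help 2>&1 </dev/null | grep -q -- '-noservername'; then
        set -- -noservername   # builds with this flag send SNI by default
    else
        set --                 # older builds send no SNI without -servername
    fi
    openssl s_client -connect "$host:443" "$@" </dev/null 2>/dev/null
}

# Show both issuer chains; succeed only when they are non-empty and identical.
compare_sni() {
    with=$(fetch_chain "$1" sni | chain_issuers)
    without=$(fetch_chain "$1" nosni | chain_issuers)
    printf 'with SNI:\n%s\nwithout SNI:\n%s\n' "$with" "$without"
    [ -n "$with" ] && [ "$with" = "$without" ]
}

# Constructed sample of s_client output (placeholder names, not a real capture).
sample_capture() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=shop.example
   i:/C=XX/O=Example Issuing CA/CN=E1
 1 s:/C=XX/O=Example Issuing CA/CN=E1
   i:/C=XX/O=Example Root/CN=Root X
---
Server certificate
EOF
}

if [ $# -gt 0 ]; then compare_sni "$1"; fi
```

A non-zero exit status means the two handshakes returned different issuer chains, so a client that omits SNI is validating a different chain from one that sends it.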
I appreciate you reaching out about this. I reviewed any open issues we had on January 19th and today and I am not seeing anything that would be related to an error message like this.
I have some questions that will help us troubleshoot the cause/source of the issue.
Shay | Social Care @ Shopify
Hi @OrlandoMicrosip 👋
Please be sure to review this important notice on certificate updates on myshopify.com domains.
Developer Support @ Shopify