Solved

TLS certificate validation failed: error 72787, when trying to connect to my Shopify store.

OrlandoMicrosip
Shopify Partner

I need your help: all of our clients are reporting the error "TLS certificate validation failed: error 72787" when they try to connect to their store. The same error was reported on January 19th, 2023, and we tried to fix it for a few hours, but suddenly it started working again, so we believe the cause of this error is not our responsibility; there's something wrong with the Shopify API. We would like to know what is happening and how we can prevent this case.

Thanks.

Replies 4 (4)

Shay
Shopify Staff

Hi @OrlandoMicrosip

I appreciate you reaching out about this. I reviewed any open issues we had on January 19th and today and I am not seeing anything that would be related to an error message like this.

I have some questions that will help us troubleshoot the cause/source of the issue.

 

  • Are you able to share a screenshot of the error message?
  • Are you able to replicate this error yourself?
  • Is this isolated to specific devices, internet browsers, locations? 
  • Does clearing the browser cache or accessing the store with incognito mode resolve the issue?
  • What are the detailed steps that the merchant(s) are taking to get to the error message?

Shay | Social Care @ Shopify

OrlandoMicrosip
Shopify Partner

[Attached screenshot: Captura.PNG]

  • Are you able to replicate this error yourself?
    • Yes, I'm able to replicate this error by myself.
  • Is this isolated to specific devices, internet browsers, locations?
    • No, it is not; it just starts to happen out of nowhere and in all of our clients' systems.
  • Does clearing the browser cache or accessing the store with incognito mode resolve the issue?
    • Sorry, I wasn't clear: we are not trying to connect to the store through a web browser, we are doing it through the REST API.
  • What are the detailed steps that the merchant(s) are taking to get to the error message?
    • Whenever they try to make a "GET" call to the Shopify API, they are getting this error message.

ShopifyDevSup
Shopify Staff

Hi @OrlandoMicrosip 👋

Please be sure to review this important notice on certificate updates on myshopify.com domains.

Developer Support @ Shopify

DanAtYottaa
Visitor

This is an accepted solution.

Hi @OrlandoMicrosip, maybe this helps... we recently hit an issue due to using an older OpenSSL version (1.0.2k) with a Shopify REST API client. The new Let's Encrypt cert chain used by Shopify as of 2/13 is incompatible with older OpenSSL versions. We used workaround #1 here and that solved the issue:

https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

@ShopifyDevSup, FYI, not sure if this is intentional, but the Shopify API gateways are still returning the "old" Cloudflare chain for TLS client hellos that don't include an SNI block. This threw us for a loop while debugging, as some older tools don't include SNI in certain cases.
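
The SNI discrepancy described in the accepted solution can be checked by comparing the chain a server presents with and without SNI. The following is an added example, not code from any poster or from Shopify: it parses `openssl s_client` output in both the 1.0.2 and 1.1.1+ formats. The function names, the `shop.example` host and the sample outputs are constructed, and the `DST Root CA X3` name is an assumption taken from the linked OpenSSL post rather than from this thread.

```python
import re
import subprocess

EXPIRED_ROOT_CN = "DST Root CA X3"  # root covered by the linked OpenSSL post (assumption)

def fetch(host, send_sni=True):
    """Live `openssl s_client` run; -noservername needs OpenSSL 1.1.1+ (1.0.2 omits SNI by default)."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:443"]
    cmd += ["-servername", host] if send_sni else ["-noservername"]
    return subprocess.run(cmd, input="", capture_output=True, text=True, timeout=20).stdout

def parse_chain(text):
    """Return [(subject CN, issuer CN), ...] from the 'Certificate chain' section."""
    if "Certificate chain" not in text:
        return []  # handshake failed or output truncated
    section = text.split("Certificate chain", 1)[-1].split("\n---", 1)[0]
    chain, subject = [], None
    # Only s:/i: lines are matched, so the a:/v: detail lines of OpenSSL 3.x are skipped.
    for kind, dn in re.findall(r"^[ \t]*(?:\d+[ \t]+)?([si]):(.*)$", section, re.M):
        cn = re.search(r"CN\s*=\s*([^,/]+)", dn)  # handles "CN = x" and "/CN=x"
        name = cn.group(1).strip() if cn else dn.strip()
        if kind == "s":
            subject = name
        else:
            chain.append((subject, name))
    return chain

def compare(sni_text, no_sni_text):
    """Compare issuers served with and without SNI; flag the expired root in the SNI chain."""
    sni = [issuer for _, issuer in parse_chain(sni_text)]
    bare = [issuer for _, issuer in parse_chain(no_sni_text)]
    return {"same_issuers": sni == bare, "sni": sni, "no_sni": bare,
            "expired_root_sent": EXPIRED_ROOT_CN in sni}

# Constructed sample outputs (not captured from Shopify); issuer names are illustrative.
SAMPLE_SNI = """Certificate chain
 0 s:CN = shop.example
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
"""
SAMPLE_NO_SNI = """Certificate chain
 0 s:/C=US/O=Cloudflare, Inc./CN=shop.example
   i:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
---
"""
if __name__ == "__main__":
    print(compare(SAMPLE_SNI, SAMPLE_NO_SNI))
```

Against a live host, `compare(fetch(host), fetch(host, send_sni=False))` gives the same report; a `same_issuers` value of `False` means a tool that omits SNI is being shown a different chain from the one the API client validates.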