Solved

Payment Public App Checkout loop

Justin9987
Tourist
3 1 4

Hi everyone,

I just created a payment app and granted the required permissions for the OAuth token:

write_payment_gateways,read_payment_gateways,read_payment_sessions,write_payment_sessions

and also set the app as ready to process payments by calling the paymentsAppConfigure mutation.
 
During checkout with this payment app, it keeps loading for a while, then goes back to the checkout page and tells me there is a technical issue with the payment app.

 


We had set the payment session URL for this payment app extension according to the doc https://shopify.dev/apps/payments/processing-a-payment
but we did not receive any backend request from Shopify for the payment session URL.

 

Question is
1. What kind of scenario will lead to checkout loop issue?
2. Do we still have to do anything in order to process a payment via this payment public app we've created?
Accepted Solution (1)

Justin9987
Tourist
3 1 4

This is an accepted solution.

Issue solved.

 

This issue is due to the SSL certificate we used. It's issued with an intermediary certificate (that we did not send), so on Shopify's side they are not able to find the trusted root issuer because the SSL is missing the "middle part".

 

The solution is to include the intermediate certificate in the certificate file.
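The failure described in this accepted solution can be reproduced offline. The following is an added example, not code from the original post or from Shopify: it builds a throwaway, constructed root -> intermediate -> leaf hierarchy with openssl and checks whether a served certificate file chains to the root on its own. All file names, subject names and the helper functions `chain_is_complete` and `build_demo_pki` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: does a served certificate file chain to a trusted root
# when the verifier holds only the root (no cached intermediates)?

# chain_is_complete FILE ROOT
#   FILE is what the server sends, leaf certificate first.
#   openssl verify checks only the first certificate in FILE; -untrusted
#   offers every certificate in FILE as a candidate intermediate.
chain_is_complete() {
  openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# build_demo_pki DIR
#   Constructed, throwaway PKI: root -> intermediate -> leaf.
build_demo_pki() {
  ( cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout root.key -out root.pem -subj "/CN=Constructed Root" -days 2
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -keyout int.key -out int.csr -subj "/CN=Constructed Intermediate"
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile ca.cnf -extensions v3_ca -days 2 -out int.pem
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -keyout leaf.key -out leaf.csr -subj "/CN=payments.example.test"
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -days 2 -out leaf.pem
    # The corrected certificate file: leaf followed by its intermediate.
    cat leaf.pem int.pem > fullchain.pem
  ) >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) && build_demo_pki "$dir" || return 1
  for f in leaf.pem fullchain.pem; do
    if chain_is_complete "$dir/$f" "$dir/root.pem"; then
      echo "$f: chain complete"
    else
      echo "$f: intermediate missing"
    fi
  done
  rm -rf "$dir"
}
demo
```

To check a real endpoint, save the certificates the server actually sends (for example from `openssl s_client -showcerts`) into one file and pass it with the issuing CA's root. A browser can succeed where a strict client fails, because browsers may reuse cached intermediates or fetch them via the AIA extension.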


Replies 13 (13)

in-dev-chai
Shopify Partner
10 0 2

Were you able to resolve this?

 

mdestantini
Tourist
10 0 4

I have the same issue, Shopify assistance didn't help me. Did you solve it?

mdestantini
Tourist
10 0 4

Thank you @Justin9987, I would like to understand better the solution you applied.
To perform a payment session, Shopify needs to call the /cart endpoint on my backend; in this step Shopify acts as a client, and the connection between Shopify and my app backend must be "MTLS".

 

For my backend I can create a private and public key pair, which I will call RootCA.key and RootCA.pem:

openssl genrsa -out RootCA.key 4096
openssl req -new -x509 -days 3650 -key RootCA.key -out RootCA.pem


What I don't understand is what I should do with the two certificates on Shopify's MTLS page, which are:

Shopify's Payments Platform Root CA
Shopify's Payments Platform Secondary CA Production


I'm following this guide to implement this integration on AWS:
https://aws.amazon.com/it/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway...

But of course the problem is not only on AWS.
 

Justin9987
Tourist
3 1 4

I did not use the 2 certificates mentioned on Shopify's side but was still able to proceed.

 

My suggestion for you is to make sure your endpoint is certified and valid for any client such as Postman/browser.

If there is nothing wrong with the above method, then it might be a permission or SSL issue which we did not know about.

 

I believe that you need to get the required permission from Shopify in order to build a payment application on Shopify. You may check this out by reaching them with the method you had used.

 

This is not the first time we have encountered this checkout looping, and the reason for this issue is after we purchased SSL from a 3rd party.

mdestantini
Tourist
10 0 4

I bought all my SSL certificates on AWS Certificate Manager.
@Justin9987 so you didn't implement a specific MTLS connection but you made a normal SSL connection?


Reading Shopify documentation it seems MTLS is mandatory. Very strange.

We were accepted as a payment provider and we have approved and enabled one app extension.
What we didn't do is the listing, because we haven't tested yet.

Are there other Shopify verifications to request?

gmarino
Visitor
3 0 0

@Justin9987 Where did you buy the root certificate you used? 

gmarino
Visitor
3 0 0

Did you set MTLS? @Justin9987 

alexhoang
Visitor
2 0 1

Hi @gmarino

Did you solve the issue? We're facing the same issue with a GoDaddy cert now. Tried multiple ways but it's still not solved yet 😞

garforlock
Shopify Partner
9 0 1

Did you set up MTLS? What web server are you using?

 

I've set up MTLS on a public Nginx server with Shopify's certs, using a Let's Encrypt cert for the server, and the call never reaches the configured URL (Draft mode); the logs show no hits from Shopify.

 

Also, for testing MTLS I've set up a Postman POST call with a client certificate which I've already added to the nginx MTLS config, and all the calls hit the URL.

alexhoang
Visitor
2 0 1

We set up MTLS per Shopify's instructions but had no luck 😞

We are not able to debug the request from Shopify to the APP API endpoint; thus no way to know what's happening and really struggling with this.

It's not something that works out of the box with the documentation/instruction. 

garforlock
Shopify Partner
9 0 1

Just in case it helps, this is the Nginx config for the site I have set up.

In the file /etc/nginx/client_certs/mtlscerts.crt, I have concatenated Shopify's certs from the docs and also a client certificate I generated to make sure the MTLS config is working.

 

For DNS I am using Cloudflare with no proxy.

 

[Image attachment: carbon.png]

 

Punarvasu
Shopify Partner
5 0 0

Hi Justin9987,
I am also facing the same issue in my payment app. I have Apache installed on the server, an SSL certificate from Let's Encrypt, and I also put in the Shopify CA,

but I still get the same error in testing.

Please help