Multiple developers are receiving warnings from Shopify threatening to delist their apps from the app store due to SSL certificate issues, despite their certificates appearing valid on external checkers like sslshopper.com.
Common Setup:
Identified Issues:
?shop=shopname parameter, leading to a non-SSL pageProposed Solutions:
fullchain.pem (not just cert.pem) along with privkey.pemStatus: Discussion remains open with developers seeking clarification from Shopify. Delisting deadline mentioned as December 17th for at least one developer.
Hello,
Shopify asks me to install a SSL certificate for my applications otherwise they will be removed from the app store but my applications are hosted on a server with a Let’s Encrypt (TLS1.3) ssl certificate. On sslshopper.com everything is ok. Does anyone have an idea where the problem comes from?
I have now the same problem. Can you tell me more? Can anyone from Shopify on this forum give an answer?
the only change I made in relation to this problem is to go through Cloudflare. So I deactivated Cloudflare and change dns to return to the initial state but nothing changed, I still have the status “Action required”.
We have the same issue too. We are using cloudflare and have also checked all of our SSL’s through sslshopper.com as advised in the Shopify developer docs and they all show as valid.
I emailed Shopify and they confirmed that it all looked ok but that their system would pick up that we had made changes (even though we haven’t changed anything) and remove us from being delisted on the app store.
I continue to get emails every few days warning that we will be delisted on the 17th December though.
Did you manage to resolve this on your end?
I contacted shopify who advised me to reply to their email (Your app will be delisted…) to tell them about my problem and that they would investigate on their side. If we are several to answer the mail for this same problem, it will certainly have more influence.
The app url was on a redirect that only worked with the shop’s $_GET (PHP). They checked the url without ?shop=shop name and it wend on a wrong redirect and without SSL.
I fixed it by adding a check on the $_GET parameter of the shop.
Hello, how to implement this solution om my laravel project, i am working with keyon 147 package, i will be very gratfull if you can help me because my app is delisted from shopify app store due to this problem of invalid ssl certificate.
Shopify rejects SSL if the full certificate chain isn’t configured, even if it looks fine on SSL checkers. Make sure your server uses Let’s Encrypt’s fullchain.pem (not just cert.pem) along with privkey.pem, and confirm TLS 1.2+ is enabled. This ensures Shopify sees a valid, trusted SSL.
Hello, in your Laravel project with Keyon 147, update the server SSL config to point to fullchain.pem and privkey.pem, then restart your server. This will fix the invalid SSL issue and allow your app back on the Shopify App Store.