Braintree\Exception\SSLCertificate with braintree_php sdk

OK, so I scratched my head over this for a while trying to figure out why this would happen.

There are several possible reasons:

  1. The request URL was malformed. (This was OK in my case; I logged each request and didn’t see any issues.)
  2. The request used an older version of SSL/TLS (< TLSv1.2). You need a version of OpenSSL that supports TLSv1.2. This was also good in my case.
  3. Braintree network issues (https://status.braintreepayments.com). (Braintree didn’t report any issues.)
  4. And many more.

Let’s dig into some not-so-obvious things that could go wrong.

First things first: check that PHP curl is working

Follow the steps described here:

https://github.com/paypal/TLS-update#php-requirements 

If everything is good, move on; otherwise you have a problem right there. When you install PHP on, say, CentOS or another Linux distro, the php-curl module is generally installed from the php-common package. However, that is not an implementation of curl itself: behind the scenes it uses curl/libcurl. Your local curl should be compiled with SSL against a version of OpenSSL that supports TLS 1.2. There are several articles on how to do this. Just Google it.

Check that your SSL certificate is installed properly; this is also very important

This is a good guide for making sure that you’ve followed all the steps:

DigitalOcean Guide to Install a SSL Certificate

Once it is installed, check that your certificate is set up properly using the SSL Labs results, and make sure that a DNS CAA record and forward secrecy are set up and working correctly.

PHP FPM

In my case PHP-FPM was an issue: sometimes requests to Braintree worked, and most of the time they failed. From the PHP CLI, requests always worked in my case. I deactivated PHP-FPM altogether after playing with several settings and replaced it with Apache processing PHP (using mod).

It works like a charm thereafter. However, I am still playing with the settings to see if I can get FastCGI to work reliably with Braintree (I’ll post an update once I get that to work).
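To compare what the PHP curl extension sees under the CLI and under PHP-FPM or mod_php (the curl check and the PHP-FPM symptom described above), here is an added diagnostic script; it is not from the original post or from the braintree_php SDK. TARGET_URL is a placeholder and the report keys are names chosen for this example.

```php
<?php
// Added diagnostic (not part of braintree_php). Run it once from the CLI and
// once through the web server, then compare the two reports line by line.

// Placeholder: replace with the TLS test endpoint from the PayPal TLS-update page.
const TARGET_URL = 'https://example.com/';

function curlTlsReport($url)
{
    $v = curl_version();
    $report = [
        'sapi'        => PHP_SAPI,            // cli, fpm-fcgi, apache2handler, ...
        'php'         => PHP_VERSION,
        'libcurl'     => $v['version'],
        'ssl_backend' => $v['ssl_version'],   // e.g. OpenSSL/x.y.z or NSS/x.y
        'curl_ssl'    => (bool) ($v['features'] & CURL_VERSION_SSL),
        'tls12_const' => defined('CURL_SSLVERSION_TLSv1_2'),
        'ca_ini'      => ini_get('curl.cainfo') ?: (ini_get('openssl.cafile') ?: '(built-in default)'),
        'proxy_env'   => getenv('https_proxy') ?: (getenv('HTTPS_PROXY') ?: '(none)'),
    ];

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_NOBODY         => true,   // handshake and headers are enough
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,   // keep certificate verification on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 20,
    ]);
    if ($report['tls12_const']) {
        // Ask libcurl for TLS 1.2; an SSL backend without TLS 1.2 fails here.
        curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
    }
    $report['handshake']  = curl_exec($ch) !== false ? 'ok' : 'failed';
    $report['curl_errno'] = curl_errno($ch);
    $report['curl_error'] = curl_error($ch);
    return $report;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
foreach (curlTlsReport(TARGET_URL) as $key => $value) {
    echo str_pad($key, 12), var_export($value, true), PHP_EOL;
}
```

A difference in ssl_backend, ca_ini or proxy_env between the CLI report and the web report points at the environment the web SAPI runs in rather than at Braintree. Delete the script from the web root once you have both outputs.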

Check if your server is behind a proxy

This could be an issue. You have to set your proxy server settings explicitly in the Braintree_Configuration options. Without that, it’s just like digging a hole for yourself.