Ok so I scratched my head around this for a while to figure out why would this happen
There are several reasons
- The request URL was malformed. (This was ok in my case, I’ve logged each request and didn’t see any issues)
- The request was an older version of SSL (< TLSv1.2). You have to have the version of openssl that supports TLSv1.2. This was also good in my case
- Braintree Network issues (https://status.braintreepayments.com) (Braintree didn’t report any issues)
- and many more
Let’s try to dig into some not too obvious things that could happen
First thing first, check if you’ve got the php curl working
Follow what’s asked here
https://github.com/paypal/TLS-update#php-requirements
If everything is good, then move on else you have a problem right there. When you install PHP on say CentOS or other linux distro, php-curl module is generally installed from php-common package, however that’s not an implementation of curl itself as behind the scenes it makes use of curl/libcurl. Your local curl should be compiled with SSL against version of openssl that supports TLS1.2. There are several articles on how to do this. Just Google it.
Check if your SSL certificate is installed properly, this is also very important
This is a good guide to make sure that you’ve followed all the steps
DigitalOcean Guide to Install a SSL Certificate
Once installed, check if your certificate is installed properly using SSL Labs results, make sure that a DNS CAA and that forward secrecy is setup and working correctly.
PHP FPM
In my case PHP FPM was an issue, sometimes requests to braintree works and most of the time they failed. From PHP-Cli, requests will always work in my case. I deactivated the PHP FPM altogether after playing with several settings
|
1 2 3 4 5 6 7 8 |
#<Proxy "unix:/var/run/php-fpm/jaspreetchahal.org.sock|fcgi://php-fpm"> # # we must declare a parameter in here (doesn't matter which) or it'll not register the proxy ahead of time # ProxySet disablereuse=off #</Proxy> #<FilesMatch \.php$> # SetHandler proxy:fcgi://php-fpm #</FilesMatch> |
replaced it with Apache processing PHP (using mod)
|
1 2 3 |
<FilesMatch \.php$> SetHandler application/x-httpd-php </FilesMatch> |
It works like charm thereafter. However I am still playing with settings and see if I can get Fast CGI to work reliably with Braintree (I’ll post an update once I get that to work)
Check if your server is behind a proxy
This could be an issue. You have to specifically mention your proxy server settings in Braintree_Configuration options. Without that, its just like digging a hole for yourself.
Leave a Reply