PayPal Express Checkout Error SSL connection timeout

[jsteggy]

I just want to chime in a say I've had this issue with paypal since the beginning may as well and my host says everything is "fine" on their side and that I should check with the zen cart developers. I'm pretty frustrated (and mostly venting my frustration ) I've run the ipncheck tool and the prod api seems to be ok but get errors on the sandbox check. tried the ipncheck today and its not working. go figure. Is there something else I should check? switch to a different payment system, maybe different host?

[VDecalS]

Dr Byte did a write up on SSL including payment gateways. https://www.zen-cart.com/entry.php?8-SSL-Explained-Back-and-Front
Try the CURL testing to start.

https://www.zen-cart.com/showthread....55#post1312455

There are 2 parts to SSL: a) customer-facing, and b) server-side

The customer-facing is optional; whereas the server-side SSL/TLS is required (and already provided by most modern hosting companies).
Read more: SSL Explained - Back and Front

PAYPAL:
You can use PayPal Express Checkout without offering SSL to your customers to protect their data-entry (such as address/email/phone identity info) ... as long as your server is capable of doing modern TLS 1.2 communication to PayPal in the background via CURL for the actual payment handling.

To use PayPal Payments Pro you MUST offer SSL on the customer-facing side because they're entering credit card details directly on your store, and that MUST be encrypted via a properly installed SSL certificate.


But in this modern era where SSL certificates can be obtained for free (ie: LetsEncrypt) there's no good business reason to not offer SSL to protect your customers' shopping experience.

[DrByte]

I've run the ipncheck tool and the prod api seems to be ok but get errors on the sandbox check.

PayPal typically updates their Sandbox servers to the new requirements for several months before the production servers are updated.
So if your connections to the sandbox are failing, then that strongly suggests that your server isn't ready for the new SSL requirements that PayPal has been telling all its merchants about for 2 years. If your host's servers can't reliably provide secure operations using modern standards, then it's time to find a new host.

[bradbdivin]

Update: I got the kanine fix. After Dreamhost realized I wasn't going away, the problem suddenly resolved itself, and they denied fixing anything. But it's suddenly fixed.. it's a miracle! Thanks again, Dr. Byte!

[jsteggy]

PayPal typically updates their Sandbox servers to the new requirements for several months before the production servers are updated.
So if your connections to the sandbox are failing, then that strongly suggests that your server isn't ready for the new SSL requirements that PayPal has been telling all its merchants about for 2 years. If your host's servers can't reliably provide secure operations using modern standards, then it's time to find a new host.

Thanks DrByte. I tested our domain on the SSLLABS tester and get an "A" rating.
The test show positive results almost everywhere. Is there anything I should be looking for in the SSL Labs test results? What would I look for to try and resolve the sandbox error?

results of the certificate test from ssl labs:
Server Key and Certificate #1
Subject a l l e y s t a m p . c o m
Common names a l l e y s t a m p . c o m
Alternative names a l l e y s t a m p . c o m w w w . a l l e y s t a m p . c o m
Valid from Sun, 07 Jun 2015 00:00:00 UTC
Valid until Tue, 28 Jun 2016 23:59:59 UTC (expires in 21 days, 1 hour)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency No
Revocation information CRL, OCSP
Revocation status Good (not revoked)
Trusted Yes

protocol test for my domain.
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

Joe

[jsteggy]

Update: I got the kanine fix. After Dreamhost realized I wasn't going away, the problem suddenly resolved itself, and they denied fixing anything. But it's suddenly fixed.. it's a miracle! Thanks again, Dr. Byte!

kanine fix? dreamhost is my provider as well. i've been talking to them but apparently not enough to irritate them. good for you on getting your issue resolved. Are you on vps or hosted plan?