Question

webhook creation errors

  • 8 November 2018
  • 10 replies
  • 2263 views

Hello,


I am in the process of trying to create a webhook connection, I have absolutely no issues doing the webhook connection on a local server using ngrok to let the webhook connect. I get notifications when I make calls etc... The issue that I am having is that the moment that I push the code to a live server, every time I attempt to create a webhook connection, I am returned an error message..



{


"errorCode": "SUB-521",

"message": "WebHook is not reachable",

"errors": [

{


"errorCode": "SUB-521",

"message": "WebHook is not reachable"

}

]

}



I saw in a forum on the devcommunity.ringcentral where someone was having the exact same problems and John Wang the official Rep over there at Ringcentral posted a link to check if the link that I am providing was reachable and matched all of the requirements for the SSL/TLS checking.. https://www.sslshopper.com/ssl-checker.html This had no problems, the Webhook URL was completely accessable. I am also able to access the webhook URL through postman. But for some reason I cannot get it reach that URL.



Also in the error response it shows that I am in reality pointing the webhook towards the correct URL address. This is what I am posting in order for it to work, but it still does not want to work correctly..



the following in the real example has a real address which is totally reachable, but in my case it is said that it is not reachable by ringcentral.



{"eventFilters": [ "/restapi/v1.0/account/~/extension/~/presence ], "deliveryMode": { "transportType": "WebHook", "address": "https://my-api-sub-domain.tfpest.com/this-is-my-webhook-url" }}



10 replies

Is https://my-api-sub-domain.tfpest.com/this-is-my-webhook-url the webhook address?

I cannot access it: my-api-sub-domain.tfpest.coms server IP address could not be found.  DNS_PROBE_FINISHED_NXDOMAIN

It seems that there is DNS issue with the domain name.
No the domain name is not that. The api domain name is https://ctmapi.tfpest.com/ring/hook . I am the developer that posted the original question, but i was longed in under a different account. That is the API endpoint for this.
I tried the new uri. It is too slow to respond.  It takes about 30 seconds to respond.

https://ringcentral-quickstart.readthedocs.io/en/latest/webhooks

can respond within 1000 milliseconds
Did you try and send it a post request with a Validation-Token header? Because otherwise it will not respond.
Our engineering team updated me. And they seem to find the root cause: https://stackoverflow.com/questions/34110426/does-java-support-lets-encrypt-certificates

RingCentral server side does NOT support Let's encrypt certificates

Yes it is our issue. We will fix it but not until 2019 Q1.

So the quickest solution is to change your certificate.
WHAT!! wow that is the problem?! I am so glad that you finally raised the issue to the engineering team!! Is there any way that this solution can be included into the documentation, because in terms of Node.js applications, it is pretty common that people use Lets Encrypt for their SSL Certs because of how easy it is to setup.. Or perhaps even better would be to include a list of trusted SSL certificates that the Java programs that ringcentral uses would accept out of the box. This list would be extremely beneficial in any case. Is there any way that is something that you could provide?
Hi Jameson, 

I've already collected the list of trusted Certs, so hopefully, it will be published as part of WebHook guide soon. 
 
Your case helped us to find another small gap on our side. I'm talking about introducing unambiguous Error Code for this scenario to help us save time if the same problem appears in the future. It's in our backlog now.

Thanks,
Igor
I am extremely greatful for that response! It feel good to know that i helped in some way! By any chance could you tell me if Entrust is on that list of CAs that are accepted? Just looking into purchasing an SSL cert now so i can get this application rolled out to my teams. Yeah it would great if LetsEncrypt were an accept CA, because of the fact that they are Free and Extremely easy to use.. Thanks so much!
Here is the full list of "Entrust" trusted Certs supported on RingCentral side: 
  • Alias name: identrustpublicca [jdk] Owner: CN=IdenTrust Public Sector Roo
  • Alias name: entrustrootcaec1 [jdk] Owner: CN=Entrust Root Certification Authority - EC1
  • Alias name: entrust2048ca [jdk] Owner: CN=Entrust.net Certification Authority (2048)
  • Alias name: entrustrootcag2 [jdk] Owner: CN=Entrust Root Certification Authority - G2
  • Alias name: entrustevca [jdk] Owner: CN=Entrust Root Certification Authority

Thanks,
Igor

UPDATE:

I have changed the SSL certificate after paying nearly 300 dollars to get this certificate. I have validated that in fact the certificate has been installed correctly. I have tested to see if it works and I laughed so hard out of pure frustration when I saw the response. I will let the response speak for itself.

{ apiResponse:
   { _externals: { localStorage: [Object] },
     _request:
      { method: 'POST',
        redirect: 'follow',
        headers: [Object],
        url: 'https://platform.ringcentral.com/restapi/v1.0/subscription',
        follow: 20,
        compress: true,
        counter: 0,
        body: '{"eventFilters":["/restapi/v1.0/account/~/extension/~/presence"],"deliveryMode":{"transportType":"WebHook","address":"https://ctmapi.tfpest.com/ring/hook"}}',
        bodyUsed: false,
        size: 0,
        timeout: 0,
        _raw: [],
        _abort: false,
        protocol: 'https:',
        hostname: 'platform.ringcentral.com',
        port: null,
        path: '/restapi/v1.0/subscription',
        auth: null,
        originalBody: '{"eventFilters":["/restapi/v1.0/account/~/extension/~/presence"],"deliveryMode":{"transportType":"WebHook","address":"https://ctmapi.tfpest.com/ring/hook"}}' },
     _response:
      { url: 'https://platform.ringcentral.com/restapi/v1.0/subscription',
        status: 400,
        statusText: 'Bad Request',
        headers: [Object],
        ok: false,
        body: [Object],
        bodyUsed: true,
        size: 0,
        timeout: 0,
        _raw: [Array],
        _abort: false,
        _bytes: 132 },
     _text: '{"errorCode":"SUB-521","message":"WebHook is not reachable","errors":[{"errorCode":"SUB-521","message":"WebHook is not reachable"}]}',
     _json:
      { errorCode: 'SUB-521',
        message: 'WebHook is not reachable',
        errors: [Array] },
     _multipart: [] },
  originalMessage: 'Response has unsuccessful status' }

Your solution did nothing... here is the exact code that I am using to send the request to your server.

let reqBody = {   eventFilters: ['/restapi/v1.0/account/~/extension/~/presence'],   deliveryMode: {    transportType: "WebHook",    address: "https://ctmapi.tfpest.com/ring/hook"   }  }; platform.send({   method: "POST",   url: "https://platform.ringcentral.com/restapi/v1.0/subscription",   body: reqBody  }).then(function (response) {   res.send(response);  }).catch(function (e) {   res.send(e); }); 

Here is an exact copy of the API endpoint https://ctmapi.tfpest.com/ring/hook

router.post("/ring/hook", (req, res) => {     console.log("This is inside of the webhook creation place");     // this console log never gets reached...     let header = 'Validation-Token';     if (req.get(header)) {         res.header(header, req.get(header));         res.send({ test: req.get(header) });     } else {         res.send({ test: req.get(header) })     } }); 

I am using an NGINX proxy server. to access the express node application.

If you send a postman request to https://ctmapi.tfpest.com/ring/hook with a Validation-Token header of 1234567, it returns this list of headers, :

Server nginx/1.10.3 (Ubuntu)
Date Mon, 26 Nov 2018 17:31:41 GMT
Content-Type application/json; charset=utf-8
Content-Length 18
Connection keep-alive
Access-Control-Allow-Origin *
Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept. Validation-Token
Validation-Token 1234567
ETag W/"12-oyx2mc99b6uDb18f4YUrToOit6U"
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options DENY

This is everything that I can possibly think of that might need. I cannot think of anything else that you could possibly use for diagnosing the problem.

I am so tired of working on this and I am near the breaking point. I have cost our company SO much money so far because something wrong with this system.


Reply