question

jameson-bevans11907 avatar image
jameson-bevans11907 asked ·

webhook creation errors

Hello,

I am in the process of trying to create a webhook connection, I have absolutely no issues doing the webhook connection on a local server using ngrok to let the webhook connect. I get notifications when I make calls etc... The issue that I am having is that the moment that I push the code to a live server, every time I attempt to create a webhook connection, I am returned an error message..


{
    "errorCode": "SUB-521",
    "message": "WebHook is not reachable",
    "errors": [
        {
            "errorCode": "SUB-521",
            "message": "WebHook is not reachable"
        }
    ]



I saw in a forum on the devcommunity.ringcentral where someone was having the exact same problems and John Wang the official Rep over there at Ringcentral posted a link to check if the link that I am providing was reachable and matched all of the requirements for the SSL/TLS checking..    https://www.sslshopper.com/ssl-checker.html  This had no problems, the Webhook URL was completely accessable. I am also able to access the webhook URL through postman. But for some reason I cannot get it reach that URL. 


Also in the error response it shows that I am in reality pointing the webhook towards the correct URL address. This is what I am posting in order for it to work, but it still does not want to work correctly..


the following in the real example has a real address which is totally reachable, but in my case it is said that it is not reachable by ringcentral.


{"eventFilters": [ "/restapi/v1.0/account/~/extension/~/presence ], "deliveryMode": { "transportType": "WebHook", "address": " https://my-api-sub-domain.tfpest.com/this-is-my-webhook-url" }}

General Topic
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image
Tyler Liu answered ·
Is  https://my-api-sub-domain.tfpest.com/this-is-my-webhook-url the webhook address?

I cannot access it:  my-api-sub-domain.tfpest.coms server IP address could not be found.  DNS_PROBE_FINISHED_NXDOMAIN

It seems that there is DNS issue with the domain name.
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

riley-worthen12640 avatar image
riley-worthen12640 answered ·
No the domain name is not that. The api domain name is https://ctmapi.tfpest.com/ring/hook . I am the developer that posted the original question, but i was longed in under a different account. That is the API endpoint for this.
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Tyler Liu avatar image
Tyler Liu answered ·
I tried the new uri. It is too slow to respond.  It takes about 30 seconds to respond.

https://ringcentral-quickstart.readthedocs.io/en/latest/webhooks

can respond within 1000 milliseconds
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

riley-worthen12640 avatar image
riley-worthen12640 answered ·
Did you try and send it a post request with a Validation-Token header? Because otherwise it will not respond.
35 comments
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

I just tried again.

With the Validation-Token header, it took 8 seconds to respond, still too slow.
0 Likes 0 ·
I dont know what you are trying to use to make that request, but I have tested it out with postman. I send the request to https://ctmapi.tfpest.com/ring/hook with the Validation-Token header and it took me a grand total of 75 milliseconds to make the request... I tried on another computer and it made the request very quickly. and it wasnt over 1000 milliseconds.. I continue to get the response that the "webhook is not reachable". Even worse is the fact that my endpoint is not even being Touched! I can tell you right now, this issue is NOT the time that it takes for my server to respond. My endpoint has a console.log that is the first thing that happens when that endpoint is called and it never does get called.
0 Likes 0 ·


You can see right here. This is from a website called apitester.com. I performed the query in 392ms in the very first attempt. This time I also saw that my server did the console.log("inside my webhook creation place");. 
0 Likes 0 ·
Hi, I tried again and this time it is indeed fast!  

And it now returns {"test":"test"} (it retuned empty body last time)

Could you please share with me the code you used to setup webhook?
0 Likes 0 ·
I will be able to do so tomorrow as i am already out of the office.
0 Likes 0 ·
Show more comments
Tyler Liu avatar image
Tyler Liu answered ·
Our engineering team updated me. And they seem to find the root cause:  https://stackoverflow.com/questions/34110426/does-java-support-lets-encrypt-certificates

RingCentral server side does NOT support Let's encrypt certificates

Yes it is our issue. We will fix it but not until 2019 Q1.

So the quickest solution is to change your certificate.
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

jameson-bevans11907 avatar image
jameson-bevans11907 answered ·
WHAT!! wow that is the problem?! I am so glad that you finally raised the issue to the engineering team!! Is there any way that this solution can be included into the documentation, because in terms of Node.js applications, it is pretty common that people use Lets Encrypt for their SSL Certs because of how easy it is to setup.. Or perhaps even better would be to include a list of trusted SSL certificates that the Java programs that ringcentral uses would accept out of the box. This list would be extremely beneficial in any case. Is there any way that is something that you could provide?
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

igor-bebin avatar image
igor-bebin answered ·
Hi Jameson, 

I've already collected the list of trusted Certs, so hopefully, it will be published as part of WebHook guide soon. 
 
Your case helped us to find another small gap on our side. I'm talking about introducing unambiguous Error Code for this scenario to help us save time if the same problem appears in the future. It's in our backlog now.

Thanks,
Igor
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

riley-worthen12640 avatar image
riley-worthen12640 answered ·
I am extremely greatful for that response! It feel good to know that i helped in some way! By any chance could you tell me if Entrust is on that list of CAs that are accepted? Just looking into purchasing an SSL cert now so i can get this application rolled out to my teams. Yeah it would great if LetsEncrypt were an accept CA, because of the fact that they are Free and Extremely easy to use.. Thanks so much!
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

igor-bebin avatar image
igor-bebin answered ·
Here is the full list of "Entrust" trusted Certs supported on RingCentral side: 
  • Alias name: identrustpublicca [jdk] Owner: CN=IdenTrust Public Sector Roo
  • Alias name: entrustrootcaec1 [jdk] Owner: CN=Entrust Root Certification Authority - EC1
  • Alias name: entrust2048ca [jdk] Owner: CN=Entrust.net Certification Authority (2048)
  • Alias name: entrustrootcag2 [jdk] Owner: CN=Entrust Root Certification Authority - G2
  • Alias name: entrustevca [jdk] Owner: CN=Entrust Root Certification Authority

Thanks,
Igor

1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

jameson-bevans11907 avatar image
jameson-bevans11907 answered ·
UPDATE:

I have changed the SSL certificate after paying nearly 300 dollars to get this certificate. I have validated that in fact the certificate has been installed correctly. I have tested to see if it works and I laughed so hard out of pure frustration when I saw the response. I will let the response speak for itself.

{ apiResponse:
   { _externals: { localStorage: [Object] },
     _request:
      { method: 'POST',
        redirect: 'follow',
        headers: [Object],
        url: 'https://platform.ringcentral.com/restapi/v1.0/subscription',
        follow: 20,
        compress: true,
        counter: 0,
        body: '{"eventFilters":["/restapi/v1.0/account/~/extension/~/presence"],"deliveryMode":{"transportType":"WebHook","address":"https://ctmapi.tfpest.com/ring/hook"}}',
        bodyUsed: false,
        size: 0,
        timeout: 0,
        _raw: [],
        _abort: false,
        protocol: 'https:',
        hostname: 'platform.ringcentral.com',
        port: null,
        path: '/restapi/v1.0/subscription',
        auth: null,
        originalBody: '{"eventFilters":["/restapi/v1.0/account/~/extension/~/presence"],"deliveryMode":{"transportType":"WebHook","address":"https://ctmapi.tfpest.com/ring/hook"}}' },
     _response:
      { url: 'https://platform.ringcentral.com/restapi/v1.0/subscription',
        status: 400,
        statusText: 'Bad Request',
        headers: [Object],
        ok: false,
        body: [Object],
        bodyUsed: true,
        size: 0,
        timeout: 0,
        _raw: [Array],
        _abort: false,
        _bytes: 132 },
     _text: '{"errorCode":"SUB-521","message":"WebHook is not reachable","errors":[{"errorCode":"SUB-521","message":"WebHook is not reachable"}]}',
     _json:
      { errorCode: 'SUB-521',
        message: 'WebHook is not reachable',
        errors: [Array] },
     _multipart: [] },
  originalMessage: 'Response has unsuccessful status' }

Your solution did nothing... here is the exact code that I am using to send the request to your server.

let reqBody = {   eventFilters: ['/restapi/v1.0/account/~/extension/~/presence'],   deliveryMode: {    transportType: "WebHook",    address: "https://ctmapi.tfpest.com/ring/hook"   }  }; platform.send({   method: "POST",   url: "https://platform.ringcentral.com/restapi/v1.0/subscription",   body: reqBody  }).then(function (response) {   res.send(response);  }).catch(function (e) {   res.send(e); }); 

Here is an exact copy of the API endpoint https://ctmapi.tfpest.com/ring/hook

router.post("/ring/hook", (req, res) => {     console.log("This is inside of the webhook creation place");     // this console log never gets reached...     let header = 'Validation-Token';     if (req.get(header)) {         res.header(header, req.get(header));         res.send({ test: req.get(header) });     } else {         res.send({ test: req.get(header) })     } }); 

I am using an NGINX proxy server. to access the express node application.

If you send a postman request to https://ctmapi.tfpest.com/ring/hook with a Validation-Token header of 1234567, it returns this list of headers, :

Server nginx/1.10.3 (Ubuntu)
Date Mon, 26 Nov 2018 17:31:41 GMT
Content-Type application/json; charset=utf-8
Content-Length 18
Connection keep-alive
Access-Control-Allow-Origin *
Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept. Validation-Token
Validation-Token 1234567
ETag W/"12-oyx2mc99b6uDb18f4YUrToOit6U"
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options DENY

This is everything that I can possibly think of that might need. I cannot think of anything else that you could possibly use for diagnosing the problem.

I am so tired of working on this and I am near the breaking point. I have cost our company SO much money so far because something wrong with this system.


6 comments
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

I have fantastic news.

After changing the SSL_CIPHERS in my ssl-params.conf file. Ringcentral was finally able to reach my webhook and I am so please to say that it is finally functional!!!! I have spent over 5 weeks attempting to solve this issue.

Such a sweet success. Thank you for your assistance. If I may ask, how did you determine which ssl_ciphers that I was using?
1 Like 1 ·
I apologize for all the inconvenience we have caused to you. I will try all the code snippet you've posted and update you.
0 Likes 0 ·
I can reproduce the issue. I have escalated it. Please hold on.
0 Likes 0 ·
Thank you so much Tyler, I look forward to the response.
0 Likes 0 ·
Hi Riley,

Your Cert is valid now.

There are 3 Cipher Suites supported on your side:  
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Unfortunately, none of them are currently supported by our Backend.

Could you please install any of below Cipher Suites and try again? 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Thanks,
Igor
0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.