Privacy error using pythonanywhere ssl certificate

依然范特西╮ submitted on 2021-01-29 05:27:28

Question


I have a payment gateway in my web-app that requires an SSL certificate to work properly.

The web-app is a Django web-app hosted at PythonAnywhere. I used their Auto-renewing Let's Encrypt certificate to add an SSL certificate and make the website load as an HTTPS website.

The website now loads as an HTTPS website, but when exiting the payment gateway I still get a Privacy error as follows:

Your connection is not private
Attackers might be trying to steal your information from <my domain> (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

I am not sure what I am doing wrong.

[EDIT-1]

  1. I am using a custom domain that I bought from GoDaddy.
  2. I followed this link to set up the SSL certificate.
  3. I have also enabled forcing-https in PythonAnywhere.
  4. I changed the callback URL in my views from http://<my_domain>.org/payment/status/ to https://<my_domain>.org/payment/status/
  5. The callback URL page does not contain any http links. Just a CSS file as follows: <link rel="stylesheet" href="{% static 'css/paymentstatus.css' %}">

Please note that when I visit the website, it shows as https. It is only when calling the callback URL that it returns the Privacy error.

I did not face this error when I tried it on my local system with ngrok. This error occurs only with PythonAnywhere.

[EDIT-2]

nslookup mydomain.org

▶ nslookup mydomain.org
Server:     2405:201:e011:3804::c0a8:1d01
Address:    2405:201:e011:3804::c0a8:1d01#53

Non-authoritative answer:
Name:   mydomain.org
Address: IP_ADDRESS

dig mydomain.org

▶ dig mydomain.org
; <<>> DiG 9.10.6 <<>> mydomain.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8056
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.org.      IN  A

;; ANSWER SECTION:
mydomain.org.   225 IN  A   IP_ADDRESS

;; Query time: 2 msec
;; SERVER: 2405:201:e011:3804::c0a8:1d01#53(2405:201:e011:3804::c0a8:1d01)
;; WHEN: Fri Jan 15 14:18:23 IST 2021
;; MSG SIZE  rcvd: 51

[EDIT-3]

I changed the URL from https://<my_domain>.org/ to https://www.<my_domain>.org/. This leads to a 404 error. I have added my views.py and urls.py below.

views.py

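from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt

# DonateForm, OrdID, CustID, Checksum, MERCHANTID and MERCHANTKEY come from the
# project's own modules, which the post does not show.

def donate(request):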
    if request.method == "POST":
        form = DonateForm(request.POST)

        name = request.POST.get('firstName')
        phone = request.POST.get('phone')
        email = request.POST.get('email')
        amount = float("{0:.2f}".format(int(request.POST.get('amount'))))
        ord_id = OrdID()
        cust_id = CustID()

        paytm_params = {
            "MID" : MERCHANTID,
            "WEBSITE" : "DEFAULT",
            "INDUSTRY_TYPE_ID" : "Retail",
            "CHANNEL_ID" : "WEB",
            "ORDER_ID" : ord_id,
            "CUST_ID" : cust_id,
            "MOBILE_NO" : phone,
            "EMAIL" : email,
            "TXN_AMOUNT" : str(amount),
            "CALLBACK_URL" : "https://www.<my_domain>.org/payment/status/",

            }

        paytm_params['CHECKSUMHASH'] = Checksum.generate_checksum(paytm_params, MERCHANTKEY)

        if form.is_valid():
            form.save()

        return render(request, 'paytm.html', {'paytm_params': paytm_params})

    else:
        form = DonateForm()
        context = {'Donate': form}
        return render(request, 'donate.html', context=context)

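@csrf_exempt
def handlerequest(request):
    # The payment gateway POSTs the transaction result to this callback.
    if request.method == "POST":
        form = request.POST
        response_dict = {}
        checksum = None  # stays None if the response carries no CHECKSUMHASH

        for i in form.keys():
            response_dict[i] = form[i]

            if i == 'CHECKSUMHASH':
                checksum = form[i]
                print(checksum)

        # Verify only when a checksum was posted; otherwise treat the response as unverified.
        verify = checksum is not None and Checksum.verify_checksum(response_dict, MERCHANTKEY, checksum)

        if verify:
            if response_dict['RESPCODE'] == '01':
                print('order successful')
            else:
                print('error: ' + response_dict['RESPMSG'])

        return render(request, 'paymentstatus.html', {'response': response_dict})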

urls.py

urlpatterns = [

    ...

    path('donate', views.donate, name='donate'),
    path('payment/status', views.handlerequest, name='handlerequest'),

    ...
]

Answer 1:


If your site is set up on PythonAnywhere, it's probably at https://www.<my_domain>.org/, not https://<my_domain>.org/. So if your callback URL does not include the www. at the start, then try adding it and see if that fixes the problem.
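
The name mismatch this answer points at, as an added example that is not part of the original post: NET::ERR_CERT_COMMON_NAME_INVALID means the host in the URL is not among the names in the certificate the server presents. The sample certificate and the example.org names are constructed and assume a certificate issued for the www host only.

```python
# Added illustration (not from the original post): hostname vs. certificate names.
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample in the dict format returned by SSLSocket.getpeercert();
# it assumes a certificate issued for the www host only.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"),),
}

def san_dns_names(cert):
    """DNS entries of the subjectAltName extension, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or one left-most '*' label (e.g. '*.example.org')."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_callback_urls(cert, urls):
    """Map each URL to True if its host is covered by the certificate."""
    names = san_dns_names(cert)
    return {u: any(name_matches(n, urlsplit(u).hostname or "") for n in names)
            for u in urls}

def tls_name_error(host, port=443, timeout=5.0):
    """Live check (needs network): None if the certificate validates for
    `host`, otherwise the verification error text, e.g. a hostname mismatch."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

if __name__ == "__main__":
    for url, ok in check_callback_urls(SAMPLE_CERT, [
        "https://example.org/payment/status/",
        "https://www.example.org/payment/status/",
    ]).items():
        print("covered " if ok else "MISMATCH", url)
```

Running `tls_name_error()` against both the bare domain and the www host shows which of the two the deployed certificate actually covers.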




Answer 2:


I will just guess now:

  • either the DNS needs some time to propagate with the payment provider DNS database

Inside a terminal:

# check NS record
nslookup yourdomain.org
# try to force a refresh a few times
dig yourdomain.org

Please share the output.

  • or, what concerns me the most, is that you are using a CDN service or loading assets served on http inside your https

  • in the browser, to the left, hit the lock icon and check the certificate; if everything looks good, you've got to get in touch with their support again to force a refresh of their DNS. Normally it takes some time to work automatically.



Source: https://stackoverflow.com/questions/65730560/privacy-error-using-pythonanywhere-ssl-certificate
