Adding SSL Certificate to Custom Domain Breaks http POST Workflow

I added an SSL Certificate to my custom domain.

I had a workflow (self-registration) that allowed a gateway device to send an HTTP POST request to an endpoint which would create the device and then return the deviceId, key and secret in the response.

After adding the SSL Certificate this workflow no longer functions because the HTTP POST seems to get redirected to HTTPS POST request.

If I send POST via HTTPS it seems it hits the workflow but hits timeout.

If I send POST via HTTP it does not hit the workflow.

Hi Leo!

I’m looking into this for you and will get back to you soon with a solution. :smile:

Thanks,
Julia

Leo, is your certificate self-signed? Using Postman, I tried making a POST request to your endpoint and got the following message in the client:

Could not get any response

There was an error connecting to https://app.machinesaver.io/register-moxa-uc-8112-me-t-lx1.

Why this might have happened:

  • The server couldn’t send a response: Ensure that the backend is working properly
  • Self-signed SSL certificates are being blocked: Fix this by turning off ‘SSL certificate verification’ in Settings > General
  • Proxy configured incorrectly: Ensure that proxy is configured correctly in Settings > Proxy
  • Request timeout: Change request timeout in Settings > General

Despite this message, I had your workflow open and the endpoint request did hit the workflow and send a reply.

I turned off SSL certificate verification in Postman and I did get the response from your server as I would expect.

Dylan,

It is very strange… machinesaver.io and www.machinesaver.io (which are at the same document root) both work with the non-self-signed wildcard certificate if I add them on losant.
When using the same non-self-signed-wildcard certificate for app.machinesaver.io and www.app.machinesaver.io (which are at a different document root from the aforementioned subdomains) the certificate shows as not valid when I put it in on Losant. When I use the self-signed-certificate on these two, Losant accepts the certificate but it shows the unsecured error to my users. Do you think that the document root might have something to do with the certificates working?

I am out of my element on this… I need to see our custom domain and to have customers not see a security warning from their browser when they try to access the application.

Can you please read the following response from our domain name host and give me your thoughts?

This image was part of the email but didn’t render when I copied it:


Leo,

Since your losant account is not our server the SSL certificate won't work.

So I have updated the DNS records for [app.machinesaver.io](http://app.machinesaver.io) and pointed it to

our server instead. Now the SSL certificate works and when someone visits

[app.machinesaver.io](http://app.machinesaver.io) I ***redirect*** them to this URL

[5c8289d92875110008983765.onlosant.com](http://5c8289d92875110008983765.onlosant.com)

Try these links:

[app.machinesaver.io](http://app.machinesaver.io)

[www.app.machinesaver.io](http://www.app.machinesaver.io)

This is the prefered URL to use for your clients:
https://app.machinesaver.io

This is a workaround of course. The validation setting on *.[onlosant.com](http://onlosant.com)

has a problem with our SSL and rejects it. So the only way we can solve this

is to have the DNS pointed at our server, validate the SSL and then we redirect

it to *.[onlosant.com](http://onlosant.com).

Let me know if this solves the problem. If not then we have to ask if ****.[onlosant.com](http://onlosant.com)***

has a solution for SSL on their server. By the way I can help with that as well.

Let me know what you think. Thanks.
-Ethan

Unfortunately, his redirect defeats the purpose of the custom domain in the first place… so this solution doesn’t really work for me.

Lastly, I’m going to need external gateways to check in to setup their deviceIDs and get their secretkeys and accesskeys.

Also with the redirect, the I cannot get the HTTP POST request to work.
To see my attempt click the link below:

API Request Example

Hi @Leo_Bach1,

You mentioned:

It is very strange… machinesaver.io and www.machinesaver.io (which are at the same document root) both work with the non-self-signed wildcard certificate if I add them on losant.

Did you get the same result when you tried those? After adding them to Losant, could you access app.machinesaver.io with no issue?

Boomtime! It appears everything is working from the custom domain side now.

Not sure what changed exactly although I know it can be done server/host company side.
But I will share the information I was givenfor future users/readers…

Here is the information I was given from the host company:

@Dylan_Schuster @anaptfox @JuliaKempf Your support has been A+ throughout this process thanks for putting up with me. :sweat_smile:

HTTPS Post Request are now working as well.

1 Like