I’m trying to create an HTTP endpoint that I can call via a webhook from another site to send events as application/json data and store that data in a table for a dashboard.
I’m getting the following error:
Action Error: VendorApiException: Failed to execute HTTP request; javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn’t match any of the subject alternative names: [anvil.app, anvil.dev, anvil.works, anvilapp.net, calendar.anvil.works, drive.anvil.works, forum.anvil.works, grafana.anvil.works, groups.anvil.works, mail.anvil.works, mailing.anvil.works, www.anvil.works]
A test to a putsreq.com endpoint from a cloned webhook works as expected.
As this is just a test, I’ve tried setting it up with cross_site_session=True and publishing for public access.
In this case I’m not passing any parameters but have the application/json data in the body.
I don’t have a lot of experience with this so not sure what I’m missing–any suggestions?
It looks like the service you’re using to make the request does not recognise our TLS certificate – or rather, it’s getting the wrong TLS certificate. (It could be something to do with the *.anvil.app wildcard certificate.)
What’s the service that’s making the webhook request?
(My stab-in-the-dark guess: Whatever is making the webhook is running a very old HTTP library that doesn’t support “TLS SNI”, which is something Anvil requires.)
It’s unfortunate to hear that it’s just not something I’m doing wrong.
The service is an analytics platform-that-shall-not-be-named (at this point), and I’d be surprised if what they are using is that old as they connect successfully with their integrations to many other current platforms/services.
Maybe I’ll try forwarding to their support and see what they say.
Any chance that setting up authorization a different way would work?
Actually, just tested with Postman to putsreq.com and the published public app endpoint–the putsreq.com call works but the anvil call fails. App log shows: anvil.server.NoServerFunctionError: API request routing failed. No @anvil.server.http_endpoint exists with path matching ‘/event_inbox’
I’ve never had to do that, so I’m pretty sure that’s a no.
Pretty sure they are using https://letsencrypt.org/
So not exactly self signed, but not a paid for cert either. Let’s Encrypt is pretty ubiquitous these days.
That’s correct - it’s a perfectly ordinary Let’s Encrypt certificate (several of them, in fact, for different hostnames, distinguished using SNI - again, perfectly ordinary). And, as you have worked out, there’s no whitelisting required. (They can verify this themselves, by using curl from their own servers.)
Can you ask them what JVM version they’re using to make the request? There are some known bugs with old Java 8 JVMs (eg this one) that might cause this issue, if they’re using an old version. (Or if they’re using something ancient, like Java 1.6, that doesn’t support SNI at all.)
If you’ve got them on an email thread, perhaps it would help to CC support@anvil.works into the conversation.
Hi, not sure if this helps but I was struggling with a similar issue. I knew my api endpoint was setup correctly as I did a simple test on a fresh application and it worked as expected. On my production app, I still received “No matching API endpoint”.
By chance, when looking to clone the app via Git, I noticed that my published version was from a number of commits ago. I published the latest version of my app and the api endpoint worked as expected.
Not sure if it will help, but that solved my issue.
Thanks for the suggestion. That “No matching API endpoint” turned out to be a minor typo on my part while trying to find a solution to the first problem with the certificate error breaking things as mentioned at the top of the thread: “Failed to execute HTTP request; javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn’t match any of the subject alternative names…”
Seems like a dumb oversight now, but the issue turned out to be that I used an underscore ("_") in the alias name when I created a public link. Vendor suggested I use hyphen instead and that fixed it.
I’m definitely not well versed in the finer points of DNS naming so managed to break the app with this unexpected (to me) edge case:
SOLUTION: Don’t use underscore in your public link alias names–Let that be a lesson
Anvil App and HTTP Endpoint feature work great, as advertised!
(at this point), and I’d be surprised if what they are using is that old as they connect successfully with their integrations to many other current platforms/services.