Hello Satchmo users, We got an e-mail from PayPal saying we need to check our system because we use Instant Payment Notification (IPN). *PayPal is upgrading the certificate for www.paypal.com to SHA-256.* According to the PayPal microsite <https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1766&expand=true&locale=en_US> we need a SHA-256 compliant server setup.
I'm not sure how to verify if we are compliant (shared hosting). According to the PayPal microsite <https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1766&expand=true&locale=en_US>, we can try the www.sandbox.paypal.com endpoint. There's no point in testing with the sandbox on a development workstation as we need to verify the production setup. So I took a non-busy moment and - changed the *PayPal Payment Module Settings* on the production site and disabled *accept real payments. *(enabling sandbox payments ?) - Then I made a quick order on our site, did checkout with PayPal, landed on the sandbox, entered a valid PayPal sandbox account, and paid. - The payment failed with: This invoice has already been paid. For more information, please contact the merchant. I'm not sure if the failure is due to design of Satchmo or the IPN failing due to SHA-256. I don't see a POST for IPN in the server logs. A quick look at the PayPal payment module does not show any certificate or hashing settings pre-defined. So I'm not sure how to test (on production) if we're going to have issues with PayPal or not. Did anyone else solve this already ? Best regards, Kurt -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/satchmo-users. For more options, visit https://groups.google.com/d/optout.
