Webhook signature not being parsed on live production server, 500 returned before reaching job #153

hondaman900 · 2023-01-29T17:59:05Z

hondaman900
Jan 29, 2023

As far as I can determine, on my production server (Forge/DigitalOcean Droplet) the Stripe signature is not being parsed correctly before reaching the job to process the payload. Laravel is returning an invalid signature and a 500 error to Stripe (instead of 200) and the processing of the payload fails, resulting in successful payment but not being able to establish the customer's subscription.

From my earlier working on this app I have laravel-webhook-client and I'm wondering if this is somehow conflicting with (or intercepting) something as it seems to be involved in the stack trace below. Is there a safe way to remove this without breaking things more, or is it a dependency of laravel-stripe-webhooks?

This is only not working on the production server, which should be identical to my local dev app which works fine. I can't see/find a difference between the live and dev versions that would account for this. The local dev version uses the webhook secret provided for Stripe CLI whereas the live version uses the webhook secret provided by the Stripe dashboard.

Here's the error and stack trace. I welcome any suggestions as to how to diagnose and/or resolve this, as I'm at a loss as to what to try next.

[2023-01-29 17:28:35] production.ERROR: The signature is invalid. {"exception":"[object] (Spatie\\WebhookClient\\Exceptions\\WebhookFailed(code: 0): The signature is invalid. at /home/forge/mysite.com/vendor/spatie/laravel-webhook-client/src/Exceptions/WebhookFailed.php:11)
[stacktrace]
#0 /home/forge/mysite.com/vendor/spatie/laravel-webhook-client/src/WebhookProcessor.php(44): Spatie\\WebhookClient\\Exceptions\\WebhookFailed::invalidSignature()
#1 /home/forge/mysite.com/vendor/spatie/laravel-webhook-client/src/WebhookProcessor.php(28): Spatie\\WebhookClient\\WebhookProcessor->ensureValidSignature()
#2 /home/forge/mysite.com/vendor/spatie/laravel-stripe-webhooks/src/StripeWebhooksController.php(27): Spatie\\WebhookClient\\WebhookProcessor->process()
#3 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(48): Spatie\\StripeWebhooks\\StripeWebhooksController->__invoke(Object(Illuminate\\Http\\Request), NULL)
#4 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Route.php(219): Illuminate\\Routing\\ControllerDispatcher->dispatch(Object(Illuminate\\Routing\\Route), Object(Spatie\\StripeWebhooks\\StripeWebhooksController), '__invoke')
#5 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Route.php(176): Illuminate\\Routing\\Route->runController()
#6 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Router.php(681): Illuminate\\Routing\\Route->run()
#7 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(130): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#8 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#9 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#10 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#11 /home/forge/mysite.com/app/Http/Middleware/VerifyCsrfToken.php(32): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#12 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): App\\Http\\Middleware\\VerifyCsrfToken->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#13 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#14 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Session\\Middleware\\AuthenticateSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#15 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#16 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#17 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(56): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#18 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#19 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#20 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#21 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#22 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#23 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#24 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Router.php(683): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#25 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Router.php(658): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#26 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Router.php(624): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#27 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Routing/Router.php(613): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#28 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(170): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#29 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(130): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#30 /home/forge/mysite.com/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#31 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#32 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#33 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#34 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#35 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#36 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#37 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#38 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#39 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#40 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#41 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#42 /home/forge/mysite.com/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#43 /home/forge/mysite.com/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#44 {main}
"}

hondaman900 · 2023-01-29T19:31:30Z

hondaman900
Jan 29, 2023
Author

Nevermind my questions about laravel-webhook-client. I since found it's a dependency of laravel-stripe-webhooks.

Still have no idea as to how to proceed to resolve this - help!

0 replies

hondaman900 · 2023-01-30T23:40:30Z

hondaman900
Jan 30, 2023
Author

OMG!! I am such an idiot. I didn't change out the Stripe CLI secret key for the one provided in the Stripe dashboard for the specific webhook <slapping forehead!>. I was sure I had done that, but I hadn't. Apologies for being an idiot. I lost a week debugging why this didn't work, and it did all along (if I had provided the correct secret key)

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Webhook signature not being parsed on live production server, 500 returned before reaching job #153

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Webhook signature not being parsed on live production server, 500 returned before reaching job #153

hondaman900 Jan 29, 2023

Replies: 2 comments

hondaman900 Jan 29, 2023 Author

hondaman900 Jan 30, 2023 Author

hondaman900
Jan 29, 2023

hondaman900
Jan 29, 2023
Author

hondaman900
Jan 30, 2023
Author