[英]Privacy error using pythonanywhere ssl certificate
I have a payment gateway in my web-app that requires an SSL
certificate to work properly.我的网络应用程序中有一个支付网关,需要
SSL
证书才能正常工作。
the web-app is a django web-app hosted at pythonanywhere
.该网络应用程序是托管在
pythonanywhere
的 django 网络应用程序。 I used their Auto-renewing Let's Encrypt certificate
to add an SSL certificate and make the website load as an HTTPS
website.我使用他们的
Auto-renewing Let's Encrypt certificate
来添加 SSL 证书,并使网站加载为HTTPS
网站。
The website now loads as an HTTPS
website but when exiting the payment gateway I still get a Privacy error as follows该网站现在加载为
HTTPS
网站,但是在退出支付网关时,我仍然收到如下隐私错误
Your connection is not private
Attackers might be trying to steal your information from <my domain> (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
I am not sure what I am doing wrong我不确定我做错了什么
[EDIT-1]
[编辑-1]
http://<my_domain>.org/payment/status/
to https://<my_domain>.org/payment/status/
http://<my_domain>.org/payment/status/
更改为https://<my_domain>.org/payment/status/
<link rel="stylesheet" href="{% static 'css/paymentstatus.css' %}">
<link rel="stylesheet" href="{% static 'css/paymentstatus.css' %}">
Please note that when I visit the website, it shows as https
.请注意,当我访问该网站时,它显示为
https
。 It is only when calling the callback URL does it return the Privacy error.只有在调用回调 URL 时才会返回隐私错误。
I did not face this error when I tried it in my local system with ngrok
.当我使用
ngrok
在本地系统中尝试它时,我没有遇到此错误。 This error occurs only with pythonanywhere
.此错误仅发生在
pythonanywhere
中。
[EDIT-2]
[编辑-2]
nslookup mydomain.org
▶ nslookup mydomain.org
Server: 2405:201:e011:3804::c0a8:1d01
Address: 2405:201:e011:3804::c0a8:1d01#53
Non-authoritative answer:
Name: mydomain.org
Address: IP_ADDRESS
dig mydomain.org
▶ dig mydomain.org
; <<>> DiG 9.10.6 <<>> mydomain.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8056
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mydomain.org. IN A
;; ANSWER SECTION:
mydomain.org. 225 IN A IP_ADDRESS
;; Query time: 2 msec
;; SERVER: 2405:201:e011:3804::c0a8:1d01#53(2405:201:e011:3804::c0a8:1d01)
;; WHEN: Fri Jan 15 14:18:23 IST 2021
;; MSG SIZE rcvd: 51
[EDIT-3]
[编辑-3]
I changed the url from https://<my_domain>.org/
to https://www.<my_domain>.org/
.我将 url 从
https://<my_domain>.org/
更改为https://www.<my_domain>.org/
。 This leads to a 404 error.这会导致 404 错误。 I have added my views.py and url.py below
我在下面添加了我的 views.py 和 url.py
views.py
视图.py
def donate(request):
if request.method == "POST":
form = DonateForm(request.POST)
name = request.POST.get('firstName')
phone = request.POST.get('phone')
email = request.POST.get('email')
amount = float("{0:.2f}".format(int(request.POST.get('amount'))))
ord_id = OrdID()
cust_id = CustID()
paytm_params = {
"MID" : MERCHANTID,
"WEBSITE" : "DEFAULT",
"INDUSTRY_TYPE_ID" : "Retail",
"CHANNEL_ID" : "WEB",
"ORDER_ID" : ord_id,
"CUST_ID" : cust_id,
"MOBILE_NO" : phone,
"EMAIL" : email,
"TXN_AMOUNT" : str(amount),
"CALLBACK_URL" : "https://www.<my_domain>.org/payment/status/",
}
paytm_params['CHECKSUMHASH'] = Checksum.generate_checksum(paytm_params, MERCHANTKEY)
if form.is_valid():
form.save()
return render(request, 'paytm.html', {'paytm_params': paytm_params})
else:
form = DonateForm()
context = {'Donate': form}
return render(request, 'donate.html', context=context)
@csrf_exempt
def handlerequest(request):
if request.method == "POST":
form = request.POST
response_dict = {}
for i in form.keys():
response_dict[i] = form[i]
if i == 'CHECKSUMHASH':
checksum = form[i]
print(checksum)
verify = Checksum.verify_checksum(response_dict, MERCHANTKEY, checksum)
if verify:
if response_dict['RESPCODE'] == '01':
print('order successful')
else:
print('error: ' + response_dict['RESPMSG'])
return render(request, 'paymentstatus.html', {'response': response_dict})
urls.py
网址.py
urlpatterns = [
...
path('donate', views.donate, name='donate'),
path('payment/status', views.handlerequest, name='handlerequest'),
...
]
Firstly the www.
首先是
www.
to the url as the answer indicates was the issue.到 url 的答案表明是问题所在。 The 404 error was solved like this.
404错误就这样解决了。
turns out the path in views and the path in urls should be the same.结果是视图中的路径和 urls 中的路径应该是相同的。 This solved the issue for me.
这为我解决了这个问题。
def donate(request):
...
paytm_params = {
"MID" : MERCHANTID,
"WEBSITE" : "DEFAULT",
"INDUSTRY_TYPE_ID" : "Retail",
"CHANNEL_ID" : "WEB",
"ORDER_ID" : ord_id,
"CUST_ID" : cust_id,
"MOBILE_NO" : phone,
"EMAIL" : email,
"TXN_AMOUNT" : str(amount),
"CALLBACK_URL" : "https://www.<my_domain>.org/payment/status",
...
urls.py网址.py
urlpatterns = [
...
path('donate', views.donate, name='donate'),
path('payment/status', views.handlerequest, name='handlerequest'),
...
]
Note that in the urls.py the path is as follows payment/status
.请注意,在 urls.py 中,路径如下
payment/status
。 Previously in views the path had a slash in the end like this https://www.<my_domain>.org/payment/status/
.以前在视图中,路径最后有一个斜杠,例如
https://www.<my_domain>.org/payment/status/
。 Removing the slash in the end worked for me.最后删除斜线对我有用。
If your site is set up on PythonAnywhere, it's probably at https://www.<my_domain>.org/
, not https://<my_domain>.org/
.如果您的站点是在 PythonAnywhere 上设置的,它可能位于
https://www.<my_domain>.org/
,而不是https://<my_domain>.org/
。 So if your callback URL does not include the www.
因此,如果您的回调 URL 不包括
www.
at the start, then try adding it and see if that fixes the problem.一开始,然后尝试添加它,看看是否能解决问题。
inside terminal航站楼内
# check NS record
nslookup yourdomain.org
# try to force refresh for few times
dig yourdomain.org
please share the output请分享 output
or what concerns me the most that you are using CDN service or loading assets served on http inside your https或者我最关心的是您使用 CDN 服务或加载在 https 内的 http 上提供的资产
in the browser to left hit on the lock icon and check the certificate and if everything looks good you gotta get in touch with their support again to force refresh their DNS, normally it takes sometime to work automatically.在浏览器中点击锁定图标并检查证书,如果一切正常,您必须再次联系他们的支持人员以强制刷新他们的 DNS,通常需要一段时间才能自动工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.