woocommerce api error

Discussion in 'Installation/Configuration' started by ariban99, Apr 29, 2020.

  1. ariban99

    ariban99 Member

    hi
    i just installed the latest debian 10, apche with ispconfig 3 using your tutorial
    everything works great, besides for woocommerce api.
    i have an SSL and my site works on https:// but woocommerce for some reason is not sending API request via https and instead is sending it via HTTP only.
    from many online forums from other it points to an issue on the server, but i have no glue where to start on the server.
    can anyone help?
    the error for my API i am getting is
    oocommerce_rest_cannot_view, Sorry, you cannot list resources, 401.
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    This definitely sounds like a woocommerce issue, not ISPConfig, it seems very unlikely that the server configuration outside of your website is causing woocommerce to connect to a different port/protocol. I would start by checking your General settings, and ensure you have https for the wordpress and the site address, then head over to woocommerce settings to check everything (I'm not familiar enough with it to know exactly where to look off the top of my head) and generate new api keys.

    Cut/paste of the error you posted into a google search finds quite a few results, which it sounds like you've checked. I'm curious which one(s) would indicate a server problem? (Not saying it couldn't happen, but certainly nothing comes to mind which would cause it.)
     
    Last edited: Apr 29, 2020
  3. nhybgtvfr

    nhybgtvfr Active Member

    I know you say it's not working on https now, and you have a certificate, did the certificate exist before you installed/configured woocommerce? or was the certificate added after woocommerce was already working?

    as jesse says, you need to set the site url and home settings under 'general settings' in wordpress to use https now if you haven't already.
    there could already be lots of hardcoded http links in the content already, which are not necessarily updated like this.
    I would recommend enabling 'rewrite http to https' in the sites settings in ispconfig. and try installing the 'better search and replace' plugin in wordpress. once installed and activated, use that to try to replace all existing instances of http://<yourdomainname.tld> with https://yourdomainname.tld, along with http://www.<yourdomainname.tld> to https://www.<yourdomainname.tld> if the www subdomain is usable on that site, and also for any other subdomains that may be in use on the site.
    with this plugin, there are a set of options to check for what type of data it's allowed to change, allow it for everything EXCEPT guid's

    it may not resolve your issue, but it should rule out any embedded http:// links being the cause.
     
  4. ariban99

    ariban99 Member

    thank you for your reply, i will reach out to woocommerce support and see what they say.
    a few forums mentioned these items, can any of these be the cause or how can i fix these?
    Ask your host if if loopback is disabled.
    Ask your host if there a firewall or security modules (e.g. mod_security ) that could block the outgoing cURL requests.
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    Probably not, but depends on what is meant by "loopback" and on your configuration. There is a loopback network interface for the localhost address, and requests to your site should be possible there if your site is set to '*' ip address, not a specific ip. I would also consider a request by the site to its own public ip address to be a "loopback" connection, and that should also be allowed. Then there are "loopback" network connections that take place in a router if you are using NAT, where a connection from your server to the public ip address of your site may or may not get forwarded back to your server - that depends on the router in play, but could very likely fail. If you're not using NAT, then no worries there.

    mod_security is not installed or configured out of the box, you would have to have done that if it is, and would probably know that you did, because it's not trivial. there aren't other modules in the web server that would block the requests by default.

    There may be a port-based iptables firewall in use via System > Firewall; if so, you already have port 80 and 443 open (or your websites would not be accessible), and there are no restrictions for localhost/server connections (again, unless you manually did that from the command prompt - not likely).

    Curl requests are probably not blocked, unless you disabled the functions in your php.ini; that breaks so many things in wordpress, it's probable you have not. That might make it to a php error log to indicate it is happening, I'm not positive, but you could certainly check. More likely with curl is you'd have issues with the certificate names which didn't verify, but...

    All these blocking/failing connection issues seem to be mostly irrelevant to your original claim:
    You're certain the requests do come in via http? If so, they're not being blocked, it's just misconfigured to make a wrong request. Did you check/try the aforementioned things?
     
  6. ariban99

    ariban99 Member

    the SSL certificate was installed before the website was installed.
    i have setup rewrite to SSL in ispconfig for this site, the whole site uses SSL with no issues
    i installed the plug and ran it, 0 cells needed updating and still the same results
     
  7. ariban99

    ariban99 Member

    attached is a screenshot of the header, maybe you can figure it out better than i can.
    in system > firewall, there is nothing there, as i don't use this firewall as anything, its all on my pfsense firewall
     

    Attached Files:

  8. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    That shows the request is https. The protocol spoken to the web server (eg. in the response) is always HTTP, whether the connection is encrypted (https) or not (http).

    You should generate new api keys and try them, not just because that is a common cause of your problem, but also because your screenshot has compromised your current credentials via the Authorization header.
     
  9. ariban99

    ariban99 Member

    i revoked those keys and created new ones, i will see what woocommerce has to say, i am still getting te same error 401 with new keys
     
  10. ariban99

    ariban99 Member

    hi
    its definitely a server issue, as i copied my site to bluehost sharedhosting as a test for $3 and it works perfectly fine on their server.
    does this give you any ideas what else it can be?
     
  11. nhybgtvfr

    nhybgtvfr Active Member

    jesse says:

    well, I can confirm to do this you would have to add curl_exec and/or curl_multi_exec to the disable_functions line in your php.ini files, and if this was a problem, it would definitely be logged in /var/www/<domain.tld>/log/error.log :oops:
     
  12. ariban99

    ariban99 Member

    no i didnt add those to my php.ini file
    can it be something with permissions? i uploaded the files via ftp on root account, i then ran this in ssh to change permission chown -R -v -f web1 web
     
  13. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    It's possible, if the plugin needs to read or write something which it cannot. I had scanned their page on requirements/setup and didn't notice any mention that being a cause of that error, but certainly wrong permissions cause problems.

    Make sure you set not just the owner but also the group.
     
  14. nhybgtvfr

    nhybgtvfr Active Member

    not sure that would be enough to change them. depends on what the group settings are.

    i'd say cd to /var/www/<domainname.tld>
    or /var/www/clients/<clientid>/<webid>
    (should effectively be the same location, otherwise you've got bigger problems..... )
    and run
    chown -R <webid>:<clientid> web
    obviously changing <webid> and <clientid> to the correct values.

    it may also be worth making sure that all the files have the correct permissions as well, so after the running the chown,
    cd web
    find . -type d -exec chmod 755 {} \;
    find . -type f -exec chmod 644 {} \;

    to set all directories to rwxr-x-r-x and all files to rw-r--r--
     
  15. ariban99

    ariban99 Member

    i did all this but still getting the error, anything else we can think of? i selected all options in ispconfig such as phyton, suexec, is that ok?
     
  16. nhybgtvfr

    nhybgtvfr Active Member

    I assume the site is running on php-fpm, in which case suexec should be on anyway.
    enabling the other options, I can't see helping at all, but shouldn't make anything worse.

    I don't really have anything else. maybe turn on all the debugging options in wp-config.php, and then seeing if any more information is logged about the problem. or see if you can make one of these api calls yourself from the cli, maybe that'll display some info that the application is hiding from you.
     
  17. ariban99

    ariban99 Member

    how do i make one of these calls from cli? what code do i use?
    yes i am on php-fpm, debugging doesn't show anything in wordpress
     
  18. nhybgtvfr

    nhybgtvfr Active Member

    if it's just a single call to a url, and the api credentials are part of the call, you may be able to just use curl or wget to send the request and see what it returns, otherwise, you'll probably have to write a bit of script to do it.

    if you've defined the options below in wp-config.php, then it should log errors to /wp-content/debug.log

    define('WP_DEBUG', true);
    define('WP_DEBUG_LOG', true);
    define('WP_DEBUG_DISPLAY', false); (you probably don't want all visitors seeing errors, you can set this to true if it's a test/dev site)
     
  19. ariban99

    ariban99 Member

    if i try curl, i get this error
    -bash: curl: command not found
     
  20. ariban99

    ariban99 Member

    i installed curl on my server, when it comes to the home page, i get a full response. but when it comes to my product page, i get the same 401 error, any ideas?
     

Share This Page