Error when trying to pair website and BTCPay

[Sosthene00]

Steps to reproduce

I downloaded and ran the docker setup for BTCPay server. It is running fine on testnet, I can access it without issue from the url I registered.

I created an account and a store, named "test".

I have a wordpress running on another host, and I would like to pair the two.

I installed the BTC Pay plugin for woocommerce on my wordpress, opened settings, and followed instructions to create an API token.

When pasting the generated key in my wordpress, I got this error:
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

SSL encryption is ok on my BTC Pay server. The wordpress server is unencrypted.

Config

Woocommerce version : 3.4.4
BTCPay plugin version : 2.2.24
Wordpress version : 4.9.8
BTC Pay server version : 1.0.2.57

[NicolasDorier]

Check https://github.com/btcpayserver/woocommerce-plugin#ssl-certificate-problem-unable-to-get-local-issuer-certificate

[NicolasDorier]

Though given your error, it is probablbe that the error come from an outdated SSL version which is insecure. How have you setup your HTTPS?

[NicolasDorier]

You can test your ssl setup on https://www.ssllabs.com/ssltest. Docker with nginx from BTCPay are rated A+ (https://www.ssllabs.com/ssltest/analyze.html?d=main2-btc-ltc.forkbitpay.ninja)

[Sosthene00]

My BTC Pay server indeed got a A+, so it doesn't seem to be an issue.

But I looked the linked and I don't have SSL connection enabled on my wordpress host, so if I understand well this is the issue right ?

So I need to buy an SSL certificate for my wordpress host, is that the deal ?

[Sosthene00]

I figured out that my host provider (OVH) already provides me with a SSL certificate, but I never activated it on my wordpress site, so I did it using "really simple ssl" plugin for wordpress.

Everything looks ok, my browser doesn't alert me and the test gives it a A.

But I still get the same error when I try to pair the two.

The SSL test returned this, maybe there's an issue ?

[NicolasDorier]

I think it is the issue given the error message, my server does not have 1.0.

[Sosthene00]

But since I also have TLS 1.2 on wordpress side, shouldn't client and server do some kind of handshake to determine that they both know 1.2 ?
I'm not sure how to solve this, I 'd like to ask OVH but I'm still waiting an answer for the last question I asked them...

[Sosthene00]

I made my host upgrade TLS version, I can pair my WP and my BTC Pay now. Problem solved !

[NicolasDorier]

I think just allowing TLS 1.0 create a vulnerability in the Handshake, which is why it might be blocked.

[hawkmauk]

I had the same problem with not being able to pair but found that the problem was with different versions of libssl on the server with btcpayserver and that with wordpress installed. Make sure the output of the command openssl version is the same on both servers.
Took me 3 days to get to the bottom of the issue so hopefully posting here will save someone else the hassle!