Issue PayPal unable to reach server

[trippy]

Server operating system version

Ubuntu 24.04.2 LTS

Plesk version and microupdate number

Version 18.0.69 Update #3

Looked through past posts, did not see anything that will resolve my issue.

Symptom: When using HTTPS, PayPal callbacks to server (API shipping callback, IPN callback) generate NO ENTRIES in server logs (access, access_ssl, etc. - none) and no evidence script is executing on server. When using HTTP (insecure) shipping callback runs, IPN does not - but this will only work in sandbox so I need to understand final solution before prod.

I ran the tool at qualys SSL lab, I get an "A" rating, but also see:
This server supports TLS 1.3. MORE INFO »
This site works only in browsers with SNI support.
Unsure if this link will work, but this is the domain I'm trying to make work:

SSL Server Test: beta.pathtags.me (Powered by Qualys SSL Labs)

Things I have tried:

• Upgraded to a paid cert vs. lets encrypt - no change
• Turned off server firewall - scary - no change
• Turned modsecurity off and tried it in detection only - no change
• Switched off rule 210280 - there seemed to be some indication in logs this was triggering
• Watched /var/log/modsec_audit.log (tail -f) while trying to invoke IPN, no updates/entries appear
• tail -f all logs in /var/log - no activity when there should be

I opened a case with PayPal, they are just telling me to check server settings. Hoping someone here may have some more specific information or additional suggestions.

 

[trippy]

Further info - after looking around the advice today seems to be to switch to webhooks vs. IPN.
So I set up a simple webhooks handler on my server and subscribed to "ALL EVENTS" for it.
I used the secure URL in the webhooks simulator on PP developer portal, I get any simulation that I try.

Nothing comes to that URL during normal operation.

 

[trippy]

Disregard. We will use traditional subscription buttons. These do not invoke webhooks. Other payments ARE hitting my webhooks handler from sandbox over HTTPS. But no IPN is coming in. Any help or ideas is certainly appreciated, I've been wrestling with this for over a week.

 

[Kaspar]

Oh boy, this is the kind of scenario that would drive me nuts.

You've already seems to have done a lot of trouble shooting. The first things that comes to my mind is that perhaps some traffic originating from PP to your server gets blocked (while some traffic does get trough). But since you've already disabled the firewall and that did not change anything I am not sure what else you can try. Other than maybe double check if there is any other firewall running.

Another thing you might want to double check, is if IPv6 is configured correctly. Perhaps the server (or domain) does not use IPv6, but if there are still AAAA records configured for the domain than traffic still can get routed via IPv6.

In the end I think I would spin up a cheap bare bone virtual server with another provider (just to rule out the possibility of network issues at the provider) to see that causes issues too, and go from there.