
Paypal Express Checkout Curl Failing on Live, but working in Sandbox


I'm stumped, because this was working, but now, all of a sudden, it does not work.

I use Paypal's Express Checkout and have the following code:

$post = array(
        'USER'=>$username,
        'PWD'=>$password,
        'SIGNATURE'=>$signature,
        'METHOD'=>'SetExpressCheckout',
        'VERSION'=>'119',
        // ... all the other info to be sent to PayPal ...
        );
$post = http_build_query($post);

$live_curl = "https://api-3t.paypal.com/nvp";
$sandbox_curl = "https://api-3t.sandbox.paypal.com/nvp";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $live_curl);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); 
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 3); // 3 seconds to connect
curl_setopt ($ch, CURLOPT_TIMEOUT, 10); // 10 seconds to complete
$output = curl_exec($ch);
curl_close($ch);

When I use the sandbox url it works fine, but on the live server I get this error:

cUrl error (#28): Operation timed out after 0 milliseconds with 0 out of 0 bytes received

This has worked for a long time. I even received an order through it recently, but it doesn't work now!

Edit: My website has SSL, so setting curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); like we see in so many answers to questions like this, is not an option. That defeats the purpose of a secure checkout. Besides, I've tried it in all my debugging, and it does not work.

Update: I set CURLOPT_VERBOSE to TRUE and got this:

Hostname was found in DNS cache
Hostname in DNS cache was stale, zapped
Trying 173.0.84.69...
Connected to api-3t.paypal.com (173.0.84.69) port 443 (#0)
successfully set certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
Operation timed out after 0 milliseconds with 0 out of 0 bytes received
Closing connection 0


Solution

  • I contacted my host and asked them if anything had been changed recently that may have affected this. They said:

    I think I know what caused this. We set the MTU to 1476 company wide to fix some issues. I changed it back to 1500.

    Well, that didn't work. So he changed it to 1400 and all of a sudden it works!

    So the logical question for me was

    Why would diminishing the MTU make it work?

    Their answer:

    This is due to the new DDOS protection. I would like to escalate this ticket and have it investigated further so we can narrow down why the reduction to 1476 did not resolve this issue for you.

    So the escalated support agent says:

    1476 should work just fine and I've tried to connect to the https://api-3t.paypal.com site from a system with MTU set to 1476 and it worked just fine for me.

    Well, yes. It actually always worked for me from the command line.

    So he changed my site's MTU back to 1476 and surprise! It works just fine.

    So, what was the real problem in the end? I don't know. As far as I know all settings are back to what they were when it was not working.
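
The verbose log in the question stops right after the CA bundle is loaded, so the connection stalled inside the TLS handshake, before any certificate could be checked. As an added example (not code from the original post; the function names are hypothetical), this PHP helper keeps verification on and uses cURL's own timers to report which phase failed, which separates a network-path problem such as the MTU change described above from a certificate problem.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
// Name the phase in which a transfer failed, from cURL's errno and timers (seconds).
function classify_curl_failure(int $errno, float $tcpTime, float $tlsTime): string
{
    if ($errno === 0) {
        return 'ok';
    }
    if (in_array($errno, [35, 51, 60], true)) { // TLS negotiation or certificate errors
        return 'TLS error: check the CA bundle and certificate chain';
    }
    if ($errno !== 28) {                         // 28 = operation timed out
        return 'other cURL error';
    }
    if ($tcpTime <= 0.0) {
        return 'timeout before TCP connect (DNS, routing or firewall)';
    }
    if ($tlsTime <= 0.0) { // TCP up, handshake never finished (as in the question)
        return 'timeout during TLS handshake (network path, e.g. MTU)';
    }
    return 'timeout after TLS handshake (slow or stalled response)';
}

// Probe an HTTPS URL with peer and host verification enabled; keep the verbose log.
function probe_tls_endpoint(string $url): array
{
    $log = fopen('php://temp', 'w+');
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_NOBODY         => true,  // headers only; the handshake is what matters
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_VERBOSE        => true,
        CURLOPT_STDERR         => $log,
    ]);
    curl_exec($ch);
    $errno = curl_errno($ch);
    $tcp = (float) curl_getinfo($ch, CURLINFO_CONNECT_TIME);
    $tls = (float) curl_getinfo($ch, CURLINFO_APPCONNECT_TIME);
    rewind($log);
    return ['phase' => classify_curl_failure($errno, $tcp, $tls),
            'error' => curl_error($ch), 'verbose' => stream_get_contents($log)];
}

// Constructed timings mirroring the question: errno 28, TCP connected, no handshake.
echo classify_curl_failure(28, 0.041, 0.0), PHP_EOL;
```

Run probe_tls_endpoint() from the web server's PHP runtime rather than from a shell, since the answer notes that the command line kept working while the site did not.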