14 replies [Last post]
pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
Was this information Helpful?

Hello, we thought we were going to get through this project without any errors but I guess it just can't be that good.

We've got:
Drupal 7 (latest)
Ubercart 3 (latest)

We setup a pretty simple shopping cart and configured UPS, FedEx, with Authorize.net.

All the final testing was successful. We tried lots of test orders and they all went through. The site was good to go.

Then as soon as we went live with Authorize.net (setting "Live transactions in a live account"), we suddenly saw an error.

"Ubercart cannot find a necessary encryption key. Refer to the store admin dashboard to isolate which one."

To me it's totally mysterious and I have no idea why it would work in testing and not work live. The error just wont go away and everything is setup as it should be as far as we know.

Before posting here I went ahead and deleted the variable that holds the encryption key and saved the ../keys directory again in Drupal, but it didn't help. I also checked the older posts here that had a similar problem but either the posts were too old or didn't help.

The only other problem we found was with the shipping because the client entered a few products with weight/measurements that were way out of range, but that shouldn't have anything to do with the encryption key error. We see the error on every order.

We'd greatly appreciate any suggestions with this because I don't know what to look at next. I've checked everything that I know of and it's just confusing at this point.

Thanks!

pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
"Recent log messages" checks

Something else I should mention.

In the log messages (admin/reports/dblog), I'm seeing these:
"encryption - Encryption failed. No encryption key was found."
"uc_credit - Credit card encryption must be set up to process credit cards."

How can this be, if the "Encryption key directory" and "uc_credit.key" were successfully created?

Then at the bottom of admin/store under Store Status is says this (with a green check mark):
"Credit card encryption - Credit card data is encrypted during checkout for maximum security."

Why would the backend and frontend show opposite notices/warnings like that?

DanZ's picture
Offline
Joined: 08/07/2011
Juice: 1738
Re: Ubercart cannot find a necessary encryption key, but keys di

This could be a permissions issue.

Make sure the user running your Web server daemon can access the key file.

This gets especially hairy if you're running SELinux. If the comand "setenforce 0" makes the problem go away, then it's an SELinux issue.

Also, check the contents of your uc_credit.key file and make sure that it makes sense.

Also, were you able to use Authorize.net test transactions on your live account? (NOT the credit card test gateway.)

pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
Re: Ubercart cannot find a necessary encryption key

The permissions/users of the key directory are:
drwxrwxrwx - "username" psacln - keys
-rw-r--r-- - apache apache - uc_credit.key

The "username" is the one that has access. The uc_credit.key was created automatically so I didn't touch it.

I'm not aware of SELinux on our server. I'd have to check on that. It's CentOS with Plesk.

The contents of the uc_credit.key is a string of numbers and lowercase letters.

I have a feeling, after discussing it more, that once we turned on Authorize.net, the errors started appearing. Either way, the errors are happening now with Authorize.net in both "Live transactions in a live account" and "Test transactions in a live account". We're trying to test every situation but the last time it was checked it worked with the Test Gateway, but I'm not sure if that matters. The error kind of caught us off guard, but I'm sure there has to be a simple solution.

Thanks for the quick reply!

pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
Realized I didn't know what you meant on this one
DanZ wrote:

Also, were you able to use Authorize.net test transactions on your live account? (NOT the credit card test gateway.)

As far as I know I have only been testing Authorize.net in the Credit Card settings here: admin/store/settings/payment/method/credit

I'm not sure of another way/place to do Authorize.net testing in the site, unless you mean something else.

Edit: Oh, do you mean the settings in the Authorize.net account? It's always been in test mode in Authorize.net so far and in Ubercart we've tried all settings at this point....

DanZ's picture
Offline
Joined: 08/07/2011
Juice: 1738
Re: Realized I didn't know what you meant on this one

The "Test gateway" is not Authorize.net. Authorize.net is a separate gateway. However, I think that if the test gateway works, then your encryption key directory is fine. (I'm not positive on that one, but I think that's used regardless of gateway.)

Go to admin/store/settings/payment/method/credit and click on the Authorize.net tab. Make sure all your settings look right, then select the "Log full API response messages from Authorize.net for debugging." After that, you can go to admin/reports/dblog to see the results of the authorize.net transactions.

Also note that it's likely that you've got something funky set up on your Authorize.net account that's confusing Ubercart. Check the configuration on Authorize.net. Make sure you don't have any MD5 key set or anything. Ubercart doesn't use any of the special features of Authorize.net. Just the basics. If you turn them on, it might cause a problem.

pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
The test gateway...

...was also working fine before we switched over to Authorize.net (no error), but today we turned off Authorize.net, turned on the Test Gateway and now the error is still there. The error first appeared while we were switching to Authorize.net, but now it's looking like it's a coincidence. This all must have nothing to do with the gateways and the error appeared from some other reason we are unaware of.

My question is why would the encryption key folder and file be created like it should but then Ubercart can't find it during checkout. In the backend everything looks perfect, but in the frontend at checkout it doesn't. All the permissions appear to be correct and there's nothing else we can find to check at this point.

We also just tested putting the encryption key folder in the httpdocs folder along with the site and then it worked fine. The error disappeared and all the gateways worked. The error only happens when the folder is above (or outside) of the httpdocs website root folder. We've tried both locations with every possible permissions/user/group.... all out of ideas.

end user's picture
Offline
Joined: 01/11/2008
Juice: 1728
Re: The test gateway...

If it works in a public directory then sounds like your path is the issue. Have you tired contacting your host to give you the full path to your account?

DanZ's picture
Offline
Joined: 08/07/2011
Juice: 1738
Re: Re: The test gateway...

Yes, it definitely sounds like a problem accessing that path.

It's possible that the Web server software is running in a chroot jail and can't get to the outside files. This is usually a very good idea....

Also, it could be SELinux. CentOS definitely runs SELinux. See http://wiki.centos.org/HowTos/SELinux. Do try the setenforce 0 if you have command line access.

pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
Re: Re: The test gateway...

@end user:
We do have access so we can check the path. We also use settings in a vhost.conf file to give /httpdocs access to the /keys directory, which is why the Ubercart is able to access the folder when creating the uc_credit.key file.

Something like this:

<Directory /var/www/vhosts/.../httpdocs/>
        php_admin_value open_basedir "/var/www/vhosts/.../httpdocs/:/var/www/vhosts/.../keys/:/tmp"
</Directory>

In the CC settings/Security settings we were using "../keys" and that worked and then we tried "/var/www/vhosts/..." and that also worked. Ubercart is able to create the uc_credit.key file in the directory with no problem. So I don't understand why it would be able to access the keys directory with the "Security settings" when setting the "Encryption key directory", but then not be able to access it during checkout.

@DanZ:
Here's what we get when we check SELinux status:

/usr/sbin/sestatus -v
SELinux status: disabled

Thanks for the link. I'm not very familiar with CentOS so it helps. I'm not quite sure what it means though. Like if I should enable it and make setenforce 0, or it doesn't matter since it's disabled. I don't want to turn anything on like that just to test since I'm not a CentOS expert.

BTW: For the SSL we're using the Secure Pages module.

Thanks a lot for the replies. We must be close to a solution.

pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
Re: Re: The test gateway...

I'm wondering if the problem is with the way the Secure Pages module is setup. I noticed that the admin is not being set to https but obviously the cart is https.

So maybe when Ubercart is creats the uc_credit.key file using http://, during checkout with https:// it is blocked from the uc_credit.key. I'm not quite sure how that works, so it's guessing at this point.

Also, if I make the admin have https:// with the Secure Pages module, the Ubercart Security settings can't access the keys directory to create the uc_credit.key.

Maybe that's it. But, we have the httpdocs folder setup to handle both http and https so normally I'd think it wouldn't be a problem...

end user's picture
Offline
Joined: 01/11/2008
Juice: 1728
Re: Re: Re: The test gateway...

On ubercartdemo.com this is what I have

/home/****/private/keys on another site on the same server I use /home/****/keys

DanZ's picture
Offline
Joined: 08/07/2011
Juice: 1738
Re: Ubercart cannot find a necessary encryption key, but keys di

At this point, I'd just make a little PHP code that attempts to open and read that file, and then analyze any error states that come back. I think you can do this with the development module.

If all else fails, hook the server up to an IDE with a debugger (netbeans with the PHP plugin is very good). Step through the code. That will 100% pinpoint where the error is coming from.

I'm pretty sure that if SELinux is disabled, you don't have to worry about it.

I can tell you this much: The error is generated at UbercartEncryption::applyFudgeFactor(). That's where you'll set a breakpoint if you use the IDE. You can also use the devel module to insert a stack dump there.

DanZ's picture
Offline
Joined: 08/07/2011
Juice: 1738
Re: Re: Ubercart cannot find a necessary encryption key, but key

I traced it a bit further. The code that actually fetches the key is uc_credit_encryption_key(). This is the part where you want to set up your debugger or just stick a dpm() (from the devel module).

Just in case, check your uc_credit_encryption_path variable. Does it make sense?

Using the devel module, execute the following PHP code:

<?php
error_reporting
(E_ALL);
print
uc_credit_encryption_key();
?>

That should print out the contents of your key file (it works for me).

pnylon's picture
Offline
Joined: 03/06/2013
Juice: 19
Figured it out....

Sorry for the delay getting back. Looks like the cart was "blocked" from the keys directory but it was because of something I wasn't aware of, but it made a lot of sense after I started to realize what was happening.

First I have to say thanks for all the help. It got me going in the right direction and made me realize where the problem was coming from. I hadn't thought to use the devel module yet. I wont go into details. I'll just mention where it lead me.

First, there was this situation. The admin was using http and the cart was using https. But even if the admin had https, we would've had the same problem.

So after some checking I noticed that the http/https were pointing to the cause. I stopped what I was doing in drupal at that point and looked into plesk.

I had the correct code in the "vhost.conf" but it turns out that you need to have another file containing the same exact code with the name "vhost_ssl.conf"

Then the https has the same access as http.

So if anyone is using a plesk server and doesn't already know this and you're having the same problem after you've created the vhost.conf file, all you have to do is go into the conf directory and type:

cp vhost.conf vhost_ssl.conf

Thanks again and I hope this might help someone else who isn't a server or plesk manager.