Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

  • Ben March 2013
Tip: StartSSL certifiates are not supported by Amazon SNS
  • Vote Up0Vote Down kwilsonkwilson
    Posts: 4Sendy user

    I just spent a week working with Amazon AWS support on a problem where my SNS endpoints were stuck in "PendingConfirmation" state. After a handful of days and a fair bit of back-and-forth email, we discovered that the problem had to do with the SSL certificate I'm using for my Sendy installation.

    I'm using a wildcard certificate from StartSSL which works great in every browser I've tested, back to IE6, but is apparently not trusted by the Java SSL library that Amazon is using for their SNS service. The result of this is that SNS will not be able to talk to your endpoints if you're using one of these certificates.

    Options at this point are a) get a different certificate, or b) not require SSL for your bounces/complaints endpoints. Either of these will fix the problem easily, but it was a real headache figuring this out.

    Amazon has a list of supported certificate authorities here:
    http://docs.aws.amazon.com/sns/latest/gsg/SendMessageToHttp.https.ca.html

    This is not a Sendy problem, but I figure there's a non-zero overlap between people using Sendy (and therefore SNS) and people using StartSSL certificates, so hopefully this post will help anyone else who runs into this.

  • 1 Comment
  • Vote Up0Vote Down BenBen
    Posts: 3,475Sendy support

    Thanks @kwilson, I really appreciate you taking the time to help future users who may need this valuable information.

This discussion has been closed.
All Discussions