Hey there!
For quite a while now, I’ve been using my Node js app to subscribe to Twitch’s webhooks, first using XMLHttp requests to reach out to Twitch and then handling both the challenge and any incoming GET/POST and whatnot with Express (at that point with an http callback). Works like clockwork, never ran into serious issues once I got it running.
Recently though, I started trying to focus primarily on https connections, which includes all Express servers created through Node. However, even though the XMLHttp bit still seems to be turn out successful, I don’t receive a challenge from Twitch to confirm the subscription, as would normally happen through the http connection. Here’s what I’ve done:
The adjustments to run https instead of http in Express weren’t hard at all - I simply had to change the code from something like this
const xpr = new Express(); const bodyPrs = require('body-parser'); xpr.use(bodyPrs.urlencoded({extended:false})); xpr.use(bodyPrs.json()); xpr.listen(6001,()=>{console.log(${dt()} Hook-Listener initiated!);});
to this
const xpr = new Express(); const bodyPrs = require('body-parser');
const xprSrv = https.createServer({ cert:fs.readFileSync('lib/cert/cert.pem'),key:fs.readFileSync('lib/cert/privkey.pem') },xpr).listen(6001,()=>{console.log(${dt()} Hook-Listener initiated!);}); xpr.use(bodyPrs.urlencoded({extended:false})); xpr.use(bodyPrs.json());
The certificate used was created with Let’s Encrypt and it’s the same one the server uses for all other web applications it is running, no issues there. GET/POST handling remained basically unchanged, and the only other adjustment I made, was changing the callback url in the initial XMLHttpRequest from http://my.domain.com:6001 to https://my.domain.com:6001 (real domain name anonymized of course).
I double checked the XMLHttpRequest by making the same request with Postman, which also returns the usual 202 OK, and I even submitted a wrong auth key to see if Twitch would reject the request, and that too worked as expected.
Every other application I tried, within the same network or otherwise, can connect to https://my.domain.com:6001 no problem and all data is handled correctly by Express, as far as I can tell. The question remains: Why are the Webhook challenges not coming through?
Maybe Twitch doesn’t trust the Let’s Encrypt certificate? Most browsers I tried consider this certificate to be trustworthy, whereas Postman, when asked to call https://my.domain.com:6001, also establishes a connection correctly, but returns a warning saying it can’t verify the certificate.
I hope I wasn’t rambling too much and that this question wasn’t answered before (didn’t find anything quite similar though). Would love to hear your suggestions!
Thank you! (: