TL;DR: Seamless Donations 4.0.22 has been released. It executes a PayPal compatibility test and removes obsolete IPN URLs.

Important Update: There is a post in the user forums that seems to provide answers for some users, which I have incorporated into a new distribution, version 4.0.22. Please note that the Seamless Donations GitHub is notoriously out of date, but this is a good start. Thanks Jacob! This is why open source rocks. I don’t think I would have found the post Jacob did, and there’s nothing on the PayPal site about deprecating the function used, but Jacob found it and fixed it in his version of Seamless Donations. That’s now incorporated in 4.0.22, so I hope things are better for everyone. That said, there are good troubleshooting tips (and a little life story) in this post, so read on.

A long time ago, in a peninsula far, far away, Seamless Donations was updated to support PayPal’s then-about-to-happen requirement for SSL encryption. As history shows, PayPal didn’t complete that transition for a long, long time.

At the time, I actively promoted to Seamless Donations users what needed to be done to be ready for PayPal’s transition. Some users complied, but most went on to live their lives, blissfully unaware that the conversion to SSL encryption was going to, someday, break their Seamless Donations implementations.

I, too, went on to live my life. I lost both parents. We were hit by Hurricane Matthew. Last September, we evacuated from Hurricane Irma, experienced roof damage, traveled across the country, and spent months and months house hunting, and by the time we’re done, we will have moved our entire household twice inside twelve months. For those of you who don’t know it, Seamless Donations is not my day job. I’m a volunteer. Add-on sales support (barely) the cost of keeping this Web site up.

That should answer, to those of you who have been asking, why I haven’t done major updates to Seamless Donations in the past year or so. My development system has been boxed up, waiting until it (and my family) gets a new home.

While I wasn’t able to do ongoing development of the plugin, I have been keeping up with support tickets. Once or twice a week (even while staying in hotels racing away from the hurricane), I answered support queries.

Enough about you. What about PayPal?

Remember that PayPal change I mentioned above? It didn’t happen for two years. Then it did, just a few weeks ago. Lots of Seamless Donations users discovered their sites no longer worked. Freak outs ensued. Lots of folks insisted that Seamless Donations doesn’t work with the new PayPal.

So here’s the thing. Seamless Donations does work with the new requirements PayPal has set out. When people started freaking out about it a few weeks ago, I politely answered support queries.

The message I gave them, which I’m going to repeat here for everyone, is that it’s not Seamless Donations that performs the various SSL functions needed by the new PayPal requirements; it’s your Web host. If your Web hosting provider is running out-of-date software, I can’t help.

Some Web hosts are still running OpenSSL and cURL versions dating back to the days of Windows XP. It’s terrifying.

But my site’s broken! What do I do?

There are generally five things that are causing sites to break:

  • The Web host has not properly implemented SSL support and/or updated the server’s software
  • The IPN provided to PayPal is in the obsolete format and needs to be changed
  • The donation to PayPal to back-to-Seamless Donations round trip hasn’t been properly configured
  • The IPN URL can’t be seen by the overall Internet
  • There is a compatibility issue with storing the transaction ID during the round-trip

In the next few sections, I’ll discuss all five of these in order. Buckle up.

The Web host has not properly implemented SSL support and/or updated the server’s software

Your Web host must support both TLS 1.2 and HTTP 1.1, per PayPal’s upgrade notice. In order to support TLS 1.2, your Web host’s SSL library must be up to date, along with a number of other requirements, including a PHP library called cURL. I’ve tried to avoid requiring cURL for as long as possible, but with PayPal’s new security requirements, cURL is now a necessity.

For the past two years, since Seamless Donations 4.0.20 was released, the Settings tab performed some limited compatibility tests to help users understand if their host would be compatible with PayPal. If the results block was green, you’d be good to go. If it was red, not so much. Because Seamless Donations can’t be truly sure about your host’s implementation, even if the system did report a red result (which I consider a warning, not an error), things might still work. Not often, but sometimes.

Today, I’m releasing version 4.0.21 of Seamless Donations. This version adds a “PayPal TLS test results” line to the compatibility check box on the Settings page. This may slow down your access to the settings page because Seamless Donations is now attempting to access the PayPal test URL before presenting the page. That may not be a long-term solution, but it’ll have to do for now.

Here’s what it will look like if everything works:

Notice the test results line. If you see PayPal_Connection_OK, then PayPal likes your server. If you see an error line, then PayPal does not like your server. See your server admin for assistance.
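A stand-alone version of this kind of host check, as an added example (it is not the plugin's own code). It assumes the "PayPal test URL" is PayPal's public TLS test endpoint, https://tlstest.paypal.com/, and the function names tls12_capable and paypal_tls_probe are hypothetical. Run it with the same PHP your site uses, because it is that PHP's cURL and SSL library that matter.

```php
<?php
// Added example: host-side TLS 1.2 / HTTP 1.1 check, not Seamless Donations code.

// Judge the version strings reported by PHP's cURL extension.
function tls12_capable(string $curlVersion, string $sslVersion): array
{
    $problems = [];
    // libcurl can only request TLS 1.2 explicitly from 7.34.0 onward.
    if (version_compare($curlVersion, '7.34.0', '<')) {
        $problems[] = "cURL $curlVersion is too old to select TLS 1.2 (need 7.34.0+)";
    }
    // OpenSSL added TLS 1.2 in 1.0.1. Other SSL backends are not judged here.
    if (preg_match('~^OpenSSL/(\d+\.\d+\.\d+)~', $sslVersion, $m)
        && version_compare($m[1], '1.0.1', '<')) {
        $problems[] = "OpenSSL {$m[1]} has no TLS 1.2 support (need 1.0.1+)";
    }
    return $problems;
}

// Force TLS 1.2 and HTTP 1.1, keep certificate checks on, return body or error.
function paypal_tls_probe(string $url): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
        CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    return $body === false ? 'ERROR: ' . curl_error($ch) : trim($body);
}

if (!function_exists('curl_version')) {
    exit("FAIL: the PHP cURL extension is not loaded\n");
}
$v = curl_version();
echo "cURL {$v['version']}, SSL library {$v['ssl_version']}\n";
foreach (tls12_capable($v['version'], $v['ssl_version']) as $problem) {
    echo "WARN: $problem\n";
}
// Assumed endpoint (see lead-in); a passing host gets PayPal_Connection_OK back.
$result = paypal_tls_probe('https://tlstest.paypal.com/');
echo $result === 'PayPal_Connection_OK' ? "OK: $result\n" : "FAIL: $result\n";
```

A WARN line with a final OK usually means the host has backported TLS 1.2 into an older package; a FAIL line carries the cURL error text to hand to the server admin.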

Please note that there could be other compatibility issues. I have not had the opportunity to widely test Seamless Donations on loads of configurations. Here’s the configuration I set up yesterday on my laptop to test. I’m using a local host environment called Local by Flywheel. It allows a local environment to be seen on the Internet (after a pile of scary warnings), and allowed me to round-trip test PayPal. Local is free, so you might want to download it and see if your site works there. If so, you know it’s something on your server.

In terms of versions, I’m running nginx, PHP 7.0.3, OpenSSL 1.0.1t, cURL 7.38.0, and WordPress 4.9.7.

The IPN provided to PayPal is in the obsolete format and needs to be changed

This is a common error. Although I deprecated the old, pre-David version of the Seamless Donations IPN URL, many people are still using it. The IPN is a URL PayPal uses to reply back to Seamless Donations that a transaction has completed. You grab the IPN from the Settings tab in Seamless Donations and paste it into a field on your PayPal account’s dashboard.

Here’s how to tell: if your IPN URL still has the text “dgxdonate” then it’s obsolete. Go back to the Settings tab and get the IPN URL that does not contain that text. As of 4.0.21, the obsolete URL (which was kept in Seamless Donations for compatibility) is no longer displayed.

The donation to PayPal to back-to-Seamless Donations round trip hasn’t been properly configured

Be sure to watch the video on setting up the PayPal round trip.

The IPN URL can’t be seen by the overall Internet

You can test this in a few ways. In the following image, you can see how the PayPal configuration is working (the red arrow) but the IPN URL itself is showing an error (blue arrow):

In the example above, it’s because my computer can’t be seen on the Internet. If your development system gives this error, that’s probably why. But if your Seamless Donations install on a hosting provider gives this error, try a quick experiment.

Copy your IPN URL and paste it into your browser. If you get a page-not-found error, then your host isn’t properly configured to surface that URL. If you get a blank page that simply displays “content-type: text/plain” then you’re good.

There is a compatibility issue with storing the transaction ID during the round-trip

This problem was addressed in the 4.0.15 release of Seamless Donations. Read this lab note for instructions on what to do.

The rest of the story

Good luck with working this out. SSL is not fun. PayPal is certainly not fun. One of the benefits of Seamless Donations originally was that it was a quick load and go, but because of scammers and criminals out there, we all need better security. SSL kind of helps that.

I find it very scary when hosting providers have older versions of OpenSSL or cURL and tell their customers it’s okay, because there are tremendous vulnerabilities in old versions. If you’re curious, here’s the change log for OpenSSL. Note that you might not be using OpenSSL, but most hosts do. Here’s the change log for cURL.

I will still try to answer Seamless Donations support queries submitted through the ticketing system. Because my life is still very much up in the air, I will probably not do any more releases (unless I find an interesting issue) for quite a while. That said, if your Settings tab reports all green and you still can’t round-trip to PayPal, let me know. But the odds are, you’re not running a current enough version of software somewhere in your Web server’s hosting stack.

That said, good luck. Let’s all have a pleasant rest of the summer.

–David