This ticket is a bug report for the CoinPayments WooCommerce plugin.
Problem
The CoinPayments infrastructure fails 100% of the time to provide an IPN to WooCommerce stores on Onion Services.
I noticed that many of my orders in WooCommerce never get updates from CoinPayments. They stay stuck in the “Pending Payment” state.
Today I isolated the issue by logging into my CoinPayments account and going to Accounts → IPN History.
I opened the “View IPN” for the rows where “Sent Successfully = No”, and I found the IPN URL was set to http://buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/?wc-api=WC_Gateway_Coinpayments
Furthermore, I found that 100% of the orders where this IPN URL was set to our WooCommerce store’s .onion domain had Sent Successfully: No.
It seems quite likely to me that your CoinPayments server cannot access Tor Onion Services.
Why this matters
Fun fact: the most popular website on the darknet is Facebook. There are hundreds of other popular sites on the darknet, including Debian, the CIA, the NYT, the BBC, ProPublica, and e-commerce websites.
All of these organizations chose to make their websites available over .onion addresses so their websites will be accessible to millions of daily Tor users without leaving the darknet. Besides the obvious privacy benefits for journalists, activists, cancer patients, etc --- Tor has a fundamentally different approach to encryption (read: it's more secure).
Instead of using the untrustworthy X.509 PKI model, all connections to a v3 .onion address are made to a single pinned certificate that is directly correlated to the domain itself (the domain is just a hash of the public key + some metadata).
Moreover, some of the most secure operating systems send all the user's Internet traffic through the Tor network --- for the ultimate data security & privacy of their users.
In short, e-commerce customers are much safer sending payment info at checkout when using a .onion domain than its clearnet domain.
Solution
To fix this bug, a few things are recommended:
- Install and run the tor daemon on your server that’s executing the IPN callback queries
- Test to make sure it’s working
- Add automated unit tests to your CI on GitHub, so that future issues with this corner case are caught before new versions of this plugin are released
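
An added example, not part of the original ticket and not CoinPayments' code: a sketch of the check an IPN sender could run before delivery. It validates a v3 .onion hostname (base32 of the 32-byte public key, a 2-byte SHA3-256 checksum and a version byte) and routes such callbacks through Tor. The function names are hypothetical, and the proxy address assumes a local tor daemon on its default SocksPort.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Assumption: a local tor daemon listening on its default SocksPort.
TOR_SOCKS = "socks5h://127.0.0.1:9050"  # socks5h: the proxy (Tor) resolves the name


def make_onion(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 .onion hostname."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"


def onion_v3_pubkey(host: str) -> bytes:
    """Return the public key embedded in a v3 .onion hostname, or raise ValueError."""
    label = host.lower().rstrip(".").removesuffix(".onion").split(".")[-1]
    if len(label) != 56:
        raise ValueError("a v3 onion label is 56 base32 characters")
    raw = base64.b32decode(label.upper())  # binascii.Error is a ValueError
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        raise ValueError("unsupported onion address version")
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    if checksum != expected:
        raise ValueError("checksum mismatch: mistyped or corrupted address")
    return pubkey


def proxies_for(url: str, tor_proxy: str = TOR_SOCKS):
    """Proxy mapping for an IPN callback URL: Tor for .onion hosts, None otherwise."""
    host = urlsplit(url).hostname or ""
    if not host.endswith(".onion"):
        return None  # clearnet callback: deliver directly
    onion_v3_pubkey(host)  # reject malformed names before queueing a delivery
    return {"http": tor_proxy, "https": tor_proxy}


if __name__ == "__main__":
    sample = make_onion(bytes(range(32)))  # constructed key, not a real service
    url = f"http://{sample}/?wc-api=WC_Gateway_Coinpayments"
    print(url, proxies_for(url))
```

The mapping returned by `proxies_for` has the shape the `requests` library accepts as its `proxies` argument when SOCKS support is installed.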