Dear all,
I’m currently setting up a webhook endpoint for my Strava app, but Strava cannot verify or access my HTTPS callback URL.
Details:
-
Endpoint:
https://chaytructuyenapi.thaco.com.vn/api/strava/callback -
Server: Windows Server (IIS)
-
SSL Certificate: Wildcard certificate for
*.thaco.com.vn-
Issuer: Sectigo Public Server Authentication CA DV R36
-
Valid: 09 Sep 2025 – 08 Oct 2026
-
When testing with openssl s_client -connect chaytructuyenapi.thaco.com.vn:443 -showcerts, I get:
verify error:num=20:unable to get local issuer certificate
Browsers show the site as secure, but Strava’s webhook callback still fails.
I suspect the intermediate certificate (Sectigo R36 chain) might not be correctly served by IIS.
👉 Questions:
-
Does Strava’s webhook service require a full certificate chain (root + intermediate + leaf) to be served by the endpoint?
-
Has anyone successfully used Sectigo’s Public Server Authentication CA DV R36 certificate with Strava webhooks on IIS?
-
Are there any known compatibility issues with Sectigo certificates or IIS configurations?
Any advice or confirmation from the Strava team or other developers who faced similar issues would be greatly appreciated 🙏
Thanks in advance!