Custom port for application url [Prod Deployment]

I am in the process of developing and deploying a new app. Here is my current setup: I hosted a Shopify app on a VPS, and on the same VPS I am also hosting a website. My plan is to keep the website on the standard HTTPS port 443 and the Shopify app on custom port 8443. But my SSL cert fails when I run the auto checks on the Shopify partner app dashboard. In my toml file I did mention the application URL as shopify-app-url:8843. However, if I use port 443 for the Shopify app, it works great. Is the Shopify auto validator constrained to check SSL on 443 no matter what, even if we specify a custom port in the application URL?

This will again be a problem if I plan to host one more Shopify app, as port 443 will be consumed by my first app. Any suggestions here, or am I missing anything?

Hey @Gagan_Arora 👋 we’d usually recommend using a subdomain approach (like app.yourdomain.com) with a reverse proxy on your side routing to your internal port 8443 - this should work reliably with our SSL validation and OAuth flows.

Could you let me know what specific error messages you’re seeing when the SSL validation fails with port 8443, and can you confirm if when on port 443 the SSL checks pass successfully? I’m happy to dig deeper into our validation system on our end to see if this is a possible bug or expected behaviour, but the subdomain solution would definitely be our recommendation here and scale well for multiple apps. Hope this helps a bit!

Thank you @Alan_G for the reply. I am getting the following error when using port 8843:
The common name (or SAN) of your TLS/SSL certificate doesn’t match the domain shown in the browser.

Yes, on port 443 it succeeds. I am using a subdomain for sure, but the challenge is that auto validation fails for any port != standard HTTPS port 443. I already have a reverse proxy, but Shopify always needs to be exposed externally on 443, else it will fail.

Hey @Gagan_Arora, thanks for the extra details! Just to make sure I can dig into this properly on our end, could you share a bit more about your reverse proxy setup - specifically what software you’re using (nginx, Apache, etc.) and whether it’s listening on port 443 externally and forwarding to your internal 8443 port?

Also, when you set your application_url in the toml file, are you including the port number like https://app.yourdomain.com:8443 or just https://app.yourdomain.com? The reason I ask is that typically the subdomain approach should have the reverse proxy handle SSL termination on standard port 443 externally, then forward to whatever internal port your app uses, and your application_url shouldn’t include a port at all. If you could share your reverse proxy config snippet (with any sensitive bits redacted) and confirm exactly what URL format you’re using in your toml, that would help me understand whether this is something we need to look into internally or if it’s a configuration tweak on the proxy side. Hope to hear from you soon.
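
The layout described in the reply above, sketched as an nginx configuration. This is an added example, not from the thread or from Shopify: the hostnames, certificate paths and the second app's port 8444 are placeholders, and the apps are assumed to speak plain HTTP on loopback.

```nginx
# Added illustration; these blocks belong inside the http { } context.
# Assumptions (not from the thread): example.com hostnames, certificate
# paths, a second app on 8444, apps serving plain HTTP on 127.0.0.1 only.

# Refuse TLS handshakes for any name no block below claims, so a client
# is never handed a certificate issued for a different hostname.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;            # needs nginx 1.19.4 or later
}

# Existing website keeps port 443 under its own name.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/ssl/example/www.fullchain.pem;
    ssl_certificate_key /etc/ssl/example/www.key;
    root /var/www/site;
}

# First app: application_url = "https://app1.example.com" (no port).
server {
    listen 443 ssl;
    server_name app1.example.com;
    # The certificate's SAN must list app1.example.com.
    ssl_certificate     /etc/ssl/example/app1.fullchain.pem;
    ssl_certificate_key /etc/ssl/example/app1.key;
    location / {
        proxy_pass http://127.0.0.1:8443;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Second app shares external port 443; only the name and backend differ.
server {
    listen 443 ssl;
    server_name app2.example.com;
    ssl_certificate     /etc/ssl/example/app2.fullchain.pem;
    ssl_certificate_key /etc/ssl/example/app2.key;
    location / {
        proxy_pass http://127.0.0.1:8444;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

nginx picks the server block, and therefore the certificate, from the hostname sent in the TLS handshake, so any number of apps can share port 443 while their backends stay bound to loopback.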

Hey @Gagan_Arora - just wanted to follow up here to see if we can still help out, let me know!

Hey @Alan_G I figured out the issue with my nginx setup. Thanks for your guidance.

My follow-up question: how do I re-trigger the "Automated checks for common errors" button? In my current scenario, since it all passed, it shows me all checked and there is no way for me to re-run the automated check.

One more question: when I am getting ready to submit the app, the Privacy policy URL field is not accepting any port in the URL. Is it intended? It accepts: www myPrivacyURL com but not www myPrivacyURL:8843