New clients often ask why Phaxio is reporting ‘0’ when sending callbacks to their domain. Phaxio records an HTTP status of ‘0’ if we were unable to hit the supplied URL at all, usually because of a DNS or SSL issue. When we get support requests relating to ‘0’ responses, the first thing I typically check is to see if the callback URL is using SSL. If it is, the culprit is usually a missing intermediate SSL certificate.

At a basic level, the intermediate certificate sits between the SSL certificate you’ve been issued by an SSL reseller, and a Certificate Authority. Certificate authorities are companies that browsers automatically trust when verifying a SSL certificate. Like a guarantor, your browser trusts my SSL certificate because it trusts the certificate authority that issued it to me. There are currently four certificate authorities: Symantec (GeoTrust), Comodo, GoDaddy, and GlobalSign.

If you bought your SSL certificate from a reseller (i.e. not one of the four companies listed above), you need to make sure that an intermediate certificate has also been installed on your server. This intermediate certificate links the reseller from which you bought your certificate to a trustworthy CA.

For example, if you bought an SSL certificate from RapidSSL, you need to install both the certificate issued to you and RapidSSL’s intermediate certificate which links them back to GeoTrust (Symantec), an authorized certificate authority.

How can you tell if the ‘0’ response you’re getting is because of a missing intermediate certificate? cURL the domain of your callback URL. If you see something like:

"error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

circle back to your SSL issuer and inquire about an intermediate certificate.