Cool, we can see if we can reproduce the certificate thing, but I want to double check and see if I can clarify a bit more, since this looks so much like something that is really easy to do and you definitely wouldn’t be the first to run into it.
If you have PHP code to:
1 listen to POST requests on https://www…de/_as_webhook/index.php from Asana and give it back the header
and in the same PHP code to
2 make a POST request to “https://app.asana.com/api/1.0/webhooks” to ask to create the webhook
you will definitely see this error unless you explicitly set your PHP code to run those two actions in different threads or processes. This is notably very “gotcha”- esque, because when you curl your own PHP server from the outside everything is fine, because it’s not at that moment blocked on asking Asana to create the webhook, it’s idly waiting by for any incoming requests. It’s only when your script is waiting for the response from Asana while creating the webhook that it happens.
So, I guess I would ask if you have tried making that second request, the one to ask Asana to create the webhook, from curl? The response from curl against your PHP server looks fine, so if you can try to create the webhook and get a 200 OK response I think that’s how we’ll know that this is the PHP-is-blocked case.