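Programming language: Java
API called: https://api.mch.weixin.qq.com/v3/certificates
Problem description:
The intranet server is 188.188.28.158 and the front-end server is 172.18.163.174; between the front-end server and the internet there is also a network isolation gateway at 172.168.200.10. Two organizations get an error when fetching the platform certificate before placing an order through the mini program. One organization's error message is: java.net.UnknownHostException","localizedMessage":"api.mch.weixin.qq.com; the other organization's error message is a mini program payment exception: {"@type":"com.xxx.WxPayException","cause":{"@type":"java.lang.RuntimeException","cause":{"@type":"javax.net.ssl.SSLException","cause":{"@type":"java.net.SocketException","localizedMessage":"Connection reset","message":"Connection reset",
Cause: the problem has been solved. The platform certificate download did not go through the forward proxy; it went out from the intranet server, which cannot resolve the domain name, so the request never actually reached the front-end server (this can be checked by looking at the front-end server's nginx logs or by capturing packets).
Before the change: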
    protected void autoUpdateCert() throws IOException, GeneralSecurityException {
        // The client is built without setProxy(), so the request leaves directly from the local host.
        try (CloseableHttpClient httpClient = WechatPayHttpClientBuilder.create()
                .withCredentials(credentials)
                // No verifier yet on the first download: the response is accepted as-is.
                .withValidator(verifier == null ? (response) -> true : new WechatPay2Validator(verifier))
                .build()) {
            HttpGet httpGet = new HttpGet(CERT_DOWNLOAD_PATH);
            httpGet.addHeader(ACCEPT, APPLICATION_JSON.toString());
            try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
                int statusCode = response.getStatusLine().getStatusCode();
                String body = EntityUtils.toString(response.getEntity());
                if (statusCode == SC_OK) {
                    // Decrypt the certificate list with the API v3 key.
                    List<X509Certificate> newCertList = deserializeToCerts(apiV3Key, body);
                    if (newCertList.isEmpty()) {
                        log.warn("Cert list is empty");
                        return;
                    }
                    this.verifier = new CertificatesVerifier(newCertList);
                } else {
                    log.warn("Auto update cert failed, statusCode = {}, body = {}", statusCode, body);
                }
            }
        }
    }
After the change:
    protected void autoUpdateCert() throws IOException, GeneralSecurityException {
        WechatPayHttpClientBuilder builder = WechatPayHttpClientBuilder.create()
                .withCredentials(credentials)
                // No verifier yet on the first download: the response is accepted as-is.
                .withValidator(verifier == null ? (response) -> true : new WechatPay2Validator(verifier));
        // Forward proxy settings are read from the environment.
        String httpProxyHost = System.getenv("HTTP_PROXY_HOST");
        String httpProxyPort = System.getenv("HTTP_PROXY_PORT");
        try (
            // Route through the proxy only when both variables are set; otherwise connect directly.
            CloseableHttpClient httpClient = (StringUtils.isNotBlank(httpProxyHost) && StringUtils.isNotBlank(httpProxyPort))
                    ? builder.setProxy(new HttpHost(httpProxyHost, Integer.parseInt(httpProxyPort))).build()
                    : builder.build();
        ) {
            HttpGet httpGet = new HttpGet(CERT_DOWNLOAD_PATH);
            httpGet.addHeader(ACCEPT, APPLICATION_JSON.toString());
            try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
                int statusCode = response.getStatusLine().getStatusCode();
                String body = EntityUtils.toString(response.getEntity());
                if (statusCode == SC_OK) {
                    // Decrypt the certificate list with the API v3 key.
                    List<X509Certificate> newCertList = deserializeToCerts(apiV3Key, body);
                    if (newCertList.isEmpty()) {
                        log.warn("Cert list is empty");
                        return;
                    }
                    this.verifier = new CertificatesVerifier(newCertList);
                } else {
                    log.warn("Auto update cert failed, statusCode = {}, body = {}", statusCode, body);
                }
            }
        }
    }
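Added example, not part of the original post and not the SDK's own code: the changed method falls back to a direct connection whenever either variable is blank and throws NumberFormatException on a non-numeric port, so this helper parses the same HTTP_PROXY_HOST / HTTP_PROXY_PORT pair strictly and rejects a half-set or invalid pair. The class name ProxyEnv, the method resolveProxy and the host proxy.example.internal are assumptions made for illustration.

```java
import java.net.InetSocketAddress;
import java.util.Map;
import java.util.Optional;

// Added example: strict parsing of the HTTP_PROXY_HOST / HTTP_PROXY_PORT pair (hypothetical helper).
public class ProxyEnv {

    // Returns the proxy address, or empty when neither variable is set (direct route).
    // Throws when the pair is half-set or the port is invalid, so a misconfigured host
    // fails at startup instead of quietly connecting without the forward proxy.
    static Optional<InetSocketAddress> resolveProxy(Map<String, String> env) {
        String host = trimToNull(env.get("HTTP_PROXY_HOST"));
        String port = trimToNull(env.get("HTTP_PROXY_PORT"));
        if (host == null && port == null) {
            return Optional.empty();
        }
        if (host == null || port == null) {
            throw new IllegalStateException("HTTP_PROXY_HOST and HTTP_PROXY_PORT must be set together");
        }
        int p;
        try {
            p = Integer.parseInt(port);
        } catch (NumberFormatException e) {
            throw new IllegalStateException("HTTP_PROXY_PORT is not a number: " + port, e);
        }
        if (p < 1 || p > 65535) {
            throw new IllegalStateException("HTTP_PROXY_PORT out of range: " + p);
        }
        // createUnresolved performs no DNS lookup; the HTTP client resolves the proxy host itself.
        return Optional.of(InetSocketAddress.createUnresolved(host, p));
    }

    private static String trimToNull(String s) {
        return (s == null || s.trim().isEmpty()) ? null : s.trim();
    }

    public static void main(String[] args) {
        // Constructed sample environments, not values from the original post.
        System.out.println(resolveProxy(Map.of()));
        System.out.println(resolveProxy(
                Map.of("HTTP_PROXY_HOST", "proxy.example.internal", "HTTP_PROXY_PORT", "3128")));
        try {
            resolveProxy(Map.of("HTTP_PROXY_HOST", "proxy.example.internal"));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the method above, the result of resolveProxy(System.getenv()) could be handed to builder.setProxy(new HttpHost(addr.getHostString(), addr.getPort())).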