The answer is a full and complete “maybe.” During my testing, I discovered that some hosts had enabled some level of SSL on their sites, without a certificate. When I cut and pasted the IPN into a browser, I got back that “you might not be entering a safe space” message, which indicated that they had https set up and working, but not an actual certificate.
That sort of situation will sometimes successfully round-trip to PayPal, but I’m reasonably convinced it will break at an inopportune time. So, if it works, consider it worthy for basic testing, but when you want to do this for real, you probably should use a Let’s Encrypt free certificate or buy one. I bought a $9 for my test environment and it’s a good quality Comodo certificate.
Here is some helpful reading on SSL. To understand why we’re dealing with this, read:
https://www.zdnet.com/article/paypal-et-al-web-site-kicked-in-the-saas/
To understand SSL support in Seamless Donations, read:
https://zatzlabs.com/adding-https-support-to-seamless-donations-4-0-16/
And to follow along with the lessons I learned hand-installing my own SSL certificate, read:
https://zatzlabs.com/tricks-i-learned-installing-my-first-ssl-certificate/
–David
P.S. Marking as resolved because it’s not an open issue.
