ssl problem

Started by dragon, Jul 04, 2022, 12:42 AM

Previous topic - Next topic

dragonTopic starter

Hello,
There was a problem with the ssl certificate on the site, it is loading and after some time it stops loading ssl and, accordingly, the site becomes unavailable. Wrote to those support. they replied:

- Rather, the problem was not in the certificate. But it could be incorrect.
There were problems with DNS, we have now fixed it, work has resumed.
Your site is already open for new visitors. We apologize for the temporary inconvenience.

The site did not work correctly (checked with new users), then they answered like this:

- It's because of the DNS, the correct entry pulls up, then the wrong one. It takes time for the corrected settings to spread over the Internet. The caching time for DNS records is 3 hours. So no more than 3 hours. In some cases, providers ignore the caching time set on the hosting dns, then it can be a little longer.

More than 3 hours have passed, the problem has not gone away. Maybe someone has come across something similar. If dns were changed, and here I don't understand ssl.
  •  

JSImediaJS123

Your server gave a crooked certificate, that's the problem.

You can assume another situation, it was not your ip that was resolved by the domain name, getting to another site received such a crooked cert.
(Which would be related to jambs in dns).

A certificate is a verification that a given domain name belongs to you (authentication), and not to someone else + a pair of keys that are used for electronic signature and generation of a session key, which in turn is used to encrypt traffic between the server and client and protect traffic from external influence

And the domain name must be resolved into the ip of your web server. A-record with this match must be distributed by your NS
  •  

Ali_Pro

#2
Take control of Cloudflare services. If the hosting provider allows. Either they will issue their own certificate, or you can use the one you already have.
Ali.
  •  

nancyfromafrica

For those who are trying to access an obviously insecure website, there are a few things you can do in your browser and operating system to solve the problem:

Check the time and date: no, not on your wristwatch or calendar, but on your device's operating system. This may seem like a minor consideration, but if your device's time completely diverges from the validity period of the SSL certificate, it will be considered outdated. If that is a problem, the message may also say "NET ::ERR_CERT_DATE_INVALID".
Clear the cache for that site: Website cookies may cause an error message to appear if, for instance, your browser has an old SSL certificate cached for this site. You may also come across "ERR_TOO_MANY_REDIRECTS" as part of your error message.
Clearing cookies in Chrome is very simple, press Ctrl + Shift + Del or:
Open Chrome and click the menu (three vertical dots in the upper right corner of the browser).
In the drop-down menu, click Options. At the end of the page, click "Advanced".
In the Privacy and Security field, select Clear Browsing Data.

Here you can delete all browsing data or only cookies related to the website you are trying to visit.
Update Chrome and your operating system. Sometimes the SSL certificate error may simply be related to using an outdated version of Chrome. To make sure you have the latest version, click the menu. If you have an older version of the browser, you will see the "Update Google Chrome" button. While you are working, make sure that the latest version of the operating system is installed on your device, as that can also contribute to error messages (for instance, when root certificates of certification authorities are not installed, updated).

Disable Chrome extensions: Sometimes the settings of certain browser extensions may interfere with access to a web page. To find out if this works when you disable your extensions, go to settings again. Click Extensions in the menu on the left. Disable your extensions and restart the browser.
Check your firewall/antivirus software: Sometimes antivirus software settings may treat certain HTTPS traffic as suspicious. To find out if this is interfering with your access to certain sites, you can either disable the firewall or antivirus completely, or (if it has that option) disable SSL scanning. This option should only be used if you are sure that the site you are trying to access is really secure.
If you have tried all these fixes and nothing has helped, most likely it is a real problem with the SSL certificate of the website itself, as described in the previous section. In that case, you may also receive one of the following messages:

This page is unavailable -

NET :: ERR_CERT_COMMON_NAME_INVALID;

NET :: ERR_CERT_REVOKED;

NET :: ERR_CERT_AUTHORITY_INVALID;

ERR_SSL_WEAK_EPHEMERAL_DH_KEY;

ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

If you still want to access the website, you have two options:

Contact the webmaster or site owner and let them know that there is a problem with their SSL certificate.
(We strongly do not recommend that one.) Continue to go to a website with an insecure connection at your own risk.
  •