A weird problem with SSL

I’m struggling with weird problem with a site that I can not resolve. When I access the main domain using https - without using www - the page loads without problems (or with mixed content notice), but when I use www it appears a warning in several browsers. In Chrome the warning is: ERR_SSL_VERSION_OR_CIPHER_MISMATCH. When accessing subdomains there are no problems.

In ssllabs.com the site has overall rating A in all situations, but when I add www to the main domain it appears the warning: “Failed to communicate with the secure server”. How to solve this?

TIA,

Antonio

You could start by providing the actual domain name...

When you hide the real domain then we can only provide guesses.
When you provide a real domain then we can do real investigations and propose adequate solutions.

Until then, here are my GUESSES:
"when I add www..." = The current cert doesn't include the WWW - get a new cert with both names in it.
"with mixed content notice" = not all content provided via TLS(SSL) - see: https://www.whynopadlock.com/

Test addresses below and check it out. If you test main domain will give error - with or without www - because the CMS is Wordpress and is set to serve pages with www.

https://jornaldamidia.com.br/noticias/index/blogs.shtml
https://www.jornaldamidia.com.br/noticias/index/blogs.shtml

Beyond my guessing…
The two names do NOT go to the same IP address:

  1. jornaldamidia.com.br
    Name: jornaldamidia.com.br
    Address: 199.223.114.76

  2. www.jornaldamidia.com.br
    Name: www.jornaldamidia.com.br.cdn.cloudflare.net
    Addresses: 104.31.71.36
    104.31.70.36

It seems you forgot to mention that CLOUDFLARE is also involved.

Even with Cloudflare off, the problem continues.

OK I see the problem now.
Even if I adjust the IP (manually) to point the WWW to the root domain, it fails to connect securely.
The reason for this is unknown to me…
OpenSSL tests return the correct certificate.
openssl s_client -connect jornaldamidia.com.br:443 -servername www.jornaldamidia.com.br

My first guess was incorrect as Cloudflare involvement was then unknown.
As for my second guess, it was correct as the page has a lot of http references. Like this one:
<img itemprop=“logo” src=“http://www.jornaldamidia.com.br/portal/wp-content/uploads/2015/08/jm-logo405x60.png” alt=“Jorn al da Mídia”/>
It could be replaced with non protocol specific links, like:
<img itemprop=“logo” src="//www.jornaldamidia.com.br/portal/wp-content/uploads/2015/08/jm-logo405x60.png" alt=“Jorn al da Mídia”/>
or self-referencing implied links, like:
<img itemprop=“logo” src="/portal/wp-content/uploads/2015/08/jm-logo405x60.png" alt=“Jorn al da Mídia”/>
Not sure how that is done in WordPress.

In an unrelated finding…
I think they refer to this as IRONY:
IRONY
https://www.ssllabs.com/ssltest/analyze.html?d=www.whynopadlock.com

For some reason, the CloudFlare server in question is not serving HTTPS at all. That part of the problem probably needs to be resolved by CloudFlare or they’ll need to give different instructions for how to point the site to their CDN.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.