All domains with certificate time out

Good Morning,

I'm having a lot of timeouts on all the websites I have with a Let's Encrypt certificate.

On the other hand, if you open the websites from my server, everything is OK, but from outside there are intermittent timeouts.

The domains that I have that do not have a certificate always work.

Please, I need urgent help to understand what is happening and to solve it.

I give you an example website:

https://www.lawyertys.com/

1 Like

Hi @arian82, and welcome to the LE community forum :slight_smile:

The domains with certificates use HTTPS (TCP port 443).
The domains that do not have a certificate use HTTP (TCP port 80).
So the problem is with port 443 and it NOT being able to reach your IIS server.
Is there a router, NATing device, or a firewall that should be checked to ensure those connections are being allowed and forwarding to the right system?

2 Likes

@arian82 I see that website is very slow to respond. I also saw you redirect http to https. That is normally good practice. But, as a test, try removing that redirect so you can see whether accessing the site through http: would be any faster than https:

It is hard for me to see how a certificate would slow a site down that much. But, doing the test to not redirect http for this specific site would prove it one way or the other. I think you are going to find something is just very slow on that site.

3 Likes

I have not touched anything on the server; it has been working OK for years.

Suddenly one day I started seeing intermittent timeouts. I have the websites on Cloudflare because of DDoS attacks. But there have been no problems for more than 1 year since I have had Cloudflare.

It is as if there has been a DNS change or something that is affecting me.

1 Like

The currently resolved IP isn't managed by Cloudflare:

Name:    lawyertys.com
Address: 51.159.93.141
Aliases: www.lawyertys.com

Name:    51-159-93-141.rev.poneytelecom.eu
Address: 51.159.93.141

Is the system running hot (very high CPU or very low memory)?
Is it being DDoSed now?

2 Likes

The domain registration is with OVH Spain, but the DNS server is managed by Cloudflare. I don't have 100% CPU or memory.

I have removed the automatic redirect. I have done a Google PageSpeed test with http and with https. Http is working fine, but https seems to be either not working or very slow.

1 Like

I don't think that alone gives your sites any DDoS protection :frowning:

Perhaps there is an ongoing exploit (or attempt at an exploit) of the IIS 8.5 system.
[IIS 8.5 is kind of old now and perhaps should be updated - do you do Windows Updates regularly?]
I would put anything and everything Windows (including IIS) behind a good firewall and a proxy - LOL.

2 Likes

From inside the server it works for me with https, but from outside, right now for example, it does not work:

https://www.lawyertys.com/

You can try and see the results.

1 Like

I'm not even getting a TLS handshake, where a few minutes ago that was working fine.

There most likely is something wrong with either your server (please check the web server's event log) or perhaps a firewall or something like that in between.

Or a DDoS, as @rg305 already hinted at. Your provider Online can probably tell you if that's the case. Note that an attack such as a SYN flood doesn't have to cause 100% CPU or memory usage, nor a lot of network traffic.

Also note that currently while your HTTPS site isn't working, I can't reach your HTTP site either. So this is not limited to HTTPS, nor to the Let's Encrypt certificate.

2 Likes

SSL Labs can't stay connected long enough to rate the site:
SSL Server Test: www.lawyertys.com (Powered by Qualys SSL Labs)

2 Likes

@Osiris I cannot reach his http site right now either. But, just after arian's post about removing the redirect, I saw the http site instantly but the https site took very long - maybe a minute or more. This matches their post about the Google PageSpeed test.

That said, I agree that it is not likely related to the LE certificate. Perhaps his server or html processing does something different when invoked via https that causes the slowdown. The problem seems better suited to a server performance forum.

As an aside, I only ever saw a response from the https site using curl - the length of time to respond was too long for my browser timeout.

Sun 2:41pm eastern: the http site is again redirecting to https and https is now responding rapidly. The LE cert is still in place. I hope the OP explains - I am curious.

3 Likes
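
The checks the replies in this thread walk through (is the port reachable at all, does the TLS handshake complete, does HTTP answer) can be separated with a staged probe. This is an added example, not part of any post in the thread; the function name `probe` and its stage labels are illustrative assumptions.

```python
import socket, ssl, sys, time

def probe(host, port, use_tls, timeout=5.0):
    """Return (stage, seconds): the stage reached or failed at, and elapsed time."""
    start = time.monotonic()
    elapsed = lambda: round(time.monotonic() - start, 3)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp_timeout", elapsed()   # SYN unanswered: firewall, NAT, full backlog
    except ConnectionRefusedError:
        return "tcp_refused", elapsed()   # host reachable, nothing listening
    except OSError:
        return "tcp_error", elapsed()     # DNS failure, no route, ...
    try:
        if use_tls:
            ctx = ssl.create_default_context()
            try:
                # SNI matters on IIS: bindings are selected by server name.
                sock = ctx.wrap_socket(sock, server_hostname=host)
            except socket.timeout:
                return "tls_timeout", elapsed()  # TCP is up, handshake never finishes
            except (ssl.SSLError, OSError):
                return "tls_error", elapsed()    # bad certificate, reset mid-handshake
        try:
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode())
            first = sock.recv(64)
        except socket.timeout:
            return "http_timeout", elapsed()     # transport fine, application is slow
        except OSError:
            return "http_error", elapsed()
        return ("http_ok" if first.startswith(b"HTTP/") else "http_error"), elapsed()
    finally:
        sock.close()

if __name__ == "__main__":
    # Usage: python probe.py <hostname>   (run it from outside the server's network)
    target = sys.argv[1]
    for _ in range(5):  # the failures in the thread were intermittent, so repeat
        print("80 ", probe(target, 80, use_tls=False))
        print("443", probe(target, 443, use_tls=True))
        time.sleep(2)
```

A `tcp_timeout` on both ports points at the network path or an exhausted listener rather than the certificate, while `tls_timeout` with port 80 returning `http_ok` narrows the problem to the HTTPS side of the server.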
