Blocked by Xfinity : RX Record Too Long

My domain is: https://karenferlito.com
My hosting provider, if applicable, is: Squarespace.com
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Hi,
I’m asking for a friend (really) who is new to Let’s Encrypt. Her site loads w/o issues on AT&T Uverse, cellular, and usually Comcast Xfinity, but multiple visitors using Xfinity are receiving SSL ERROR RX RECORD TOO LONG responses. Can she fix it?

1 Like

Hi @Manifesta

That error happens if you try to connect to an http site via https.

Test

https://community.letsencrypt.org:80/

https + port 80. The browser expects a small answer, but the server sends the complete output.

So first step (I don't see an error in that site):

What's the exact url with that problem?

1 Like
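Why a plain HTTP reply on a TLS connection shows up as a "record too long" error, as an added example that is not part of the original thread: a TLS client reads the first five bytes of the reply as a record header, so the ASCII text `HTTP/` is decoded as a length field far above the protocol maximum. The function names and both sample byte strings are constructed for illustration.

```python
import struct

# Largest record length a TLS 1.2 peer accepts:
# 2^14 bytes of plaintext plus 2048 bytes of allowed expansion (RFC 5246).
MAX_TLS_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def parse_record_header(first_bytes: bytes) -> dict:
    """Decode the first 5 bytes of a server reply the way a TLS client does."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    # Record header layout: content type (1), version (2), length (2), big-endian.
    content_type, version, length = struct.unpack("!BHH", first_bytes[:5])
    return {"content_type": content_type, "version": version, "length": length}

def classify_reply(first_bytes: bytes) -> str:
    """Return 'plaintext-http', 'tls' or 'unknown' for the start of a reply."""
    if first_bytes.startswith(b"HTTP/"):
        return "plaintext-http"
    hdr = parse_record_header(first_bytes)
    if (hdr["content_type"] in TLS_CONTENT_TYPES
            and hdr["version"] >> 8 == 3
            and hdr["length"] <= MAX_TLS_RECORD_LEN):
        return "tls"
    return "unknown"

# Constructed sample: what a plain HTTP listener sends back.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
# Constructed sample: handshake record, version 0x0303, length 90,
# followed by the start of a ServerHello message.
TLS_REPLY = bytes.fromhex("160303005a02000056")

if __name__ == "__main__":
    for name, data in (("plaintext", PLAINTEXT_REPLY), ("tls", TLS_REPLY)):
        hdr = parse_record_header(data)
        too_long = hdr["length"] > MAX_TLS_RECORD_LEN
        print(f"{name}: type={hdr['content_type']} version={hdr['version']:#06x} "
              f"length={hdr['length']} too_long={too_long} -> {classify_reply(data)}")
```

For the plaintext sample the bytes `P/` decode to a record length of 20527, which exceeds the 18432-byte limit.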

https://karenferlito.com/

1 Like

I tested https://karenferlito.com on my Comcast Xfinity network and it loads w/o any issues. So, the problem is spotty.

2 Likes

The url is ok, standard https, no special port (that's sometimes a reason).

Looks like there are connections forcing http. Sounds buggy / curious. Or a hacked router. Doesn't sound ok, should never happen.

PS: There is a domain check, ~~one hour old - https://check-your-website.server-daten.de/?q=karenferlito.com#url-checks

The configuration isn't good because there is a http + www result without https.

So it's possible to load the content via http. Change that -> redirects http -> https (Grade C), then one preferred version (Grade B).

1 Like

Thanks. I’ll let her know. In the meantime, I suggested she test redirecting https://karenferlito.com to https://www.karenferlito.com to get around this issue until there is a fix.

1 Like

That domain check was me.

2 Likes

That redirection is currently in place, but I'm uncertain that this will change anything.

The site is hosted by SquareSpace - via 4 IPs:

Name:    karenferlito.com
Addresses:  198.49.23.144
          198.49.23.145
          198.185.159.145
          198.185.159.144

I've tried them all with both names (8 possible combinations) and can't find anything different via any of them.
I doubt that there would be anything inline to particularly affect only one of those or from a particular path... But ISPs have been running low on IPv4 addresses and some have moved their customers into the "common" 100.64 IP space - which would require doing some proxying or "creative" NATting to compensate.
Maybe that is part of the problem.
No way to know from where I'm sitting.

1 Like

Thank you for your help. We’ll poke around at our end and hope this clears up in time. If not, I’ll be back.

2 Likes

That's not the problem, see your check result.

http + www isn't redirected to https, that's bad.

You can create such a link:

https://karenferlito.com:80/

(same as the https + port 80 via community.letsencrypt.org or https://check-your-website.server-daten.de:80/ with my own site, works always).

But that's nothing a user creates manually (without intention).

Conclusion: Add http -> https links, so you don't have http + http status 200 as result.

1 Like
