Blocked by Xfinity : RX Record Too Long

My domain is:
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I’m asking for a friend (really) who is new to Let’s Encrypt. Her site loads w/o issues on AT&T Uverse, cellular, and usually Comcast Xfinity, but multiple visitors using Xfinity are receiving SSL ERROR RX RECORD TOO LONG responses. Can she fix it?

1 Like

Hi @Manifesta

that error happens, if you try to connect a http site via https.


https + port 80. The browser expects a small answer, but the server sends the complete output.

So first step (I don’t see an error in that site):

What’s the exact url with that problem?


1 Like

I tested on my Comcast Xfinity network and it loads w/o any issues. So, the problem is spotty.


The url is ok, standard https, no special port (that’s sometimes a reason).

Looks like there are connections forcing http. Sounds buggy / curious. Or a hacked router. Doesn’t sound ok, should never happen.

PS: There is a domain check, ~~one hour old -

The configuration isn’t good because there is a http + www result without https.

So it’s possible to load the content via http. Change that -> redirects http -> https (Grade C), then one preferred version (Grade B).


Thanks. I’ll let her know. In the meantime, I suggested she test redirecting to get around this issue until there is a fix.

1 Like

That domain check was me.


That redirection is currently in place; But I’m uncertain that this will change anything.

The site is hosted by SquareSpace - via 4 IPs:


I’ve tried them all with both names (8 possible combinations) and can’t find anything different via any of them.
I doubt that there would be anything inline to particularly affect only one of those or from a particular path… But ISPs have been running low on IPv4 addresses and some have moved their customers into the “common” 100.64 IP space - which would require doing some proxying or “creative” NATting to compensate.
Maybe that is part of the problem.
No way to know from where I’m sitting.

1 Like

Thank you for your help. We’ll poke around at our end and hope this clears up in time. If not, I’ll be back.


That’s not the problem, see your check result.

http + www isn’t redirected to https, that’s bad.

You can create such a link:

(same like the https + port 80 via or with my own site, works always).

But that’s nothing a user creates manual (without intention).

Conclusion: Add http -> https links, so you don’t have http + http status 200 as result.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.