It takes a long time to establish the TLS connection and it always fails when I am using the educational network in China (the network for college students). But when I visit it via HTTP using the same PC and the same network, I can connect to it in several seconds. And if I turn on the proxy, using a network in America instead, I am able to visit the website via HTTPS quickly. So what should I do? Can I not use Let’s Encrypt in China on the educational network? Or how can I find the problems with my website? Thanks.
I’m also able to load this site quickly from an Internet connection in the United States. I guess it is physically hosted in New Jersey, on the U.S. East Coast.
The Chinese Internet is known to interfere with connections to many sites outside of the country so it’s possible that your site is being intentionally slowed down or blocked (not necessarily because anyone is targeting you, but maybe, for example, because of other sites that are hosted at the same provider?). Blocking HTTPS connections is more likely than blocking HTTP connections because they are harder to monitor and control.
You could try some other tools to try to diagnose the problem in more detail. Do you have access to a Unix command line on a machine on your educational network?
You could also ask the hosting provider to be sure that they’re not blocking incoming connections from particular networks (for example, for suspicion of being the origin of a lot of spam e-mails).
I tested a few key endpoints using websitepulse.com and I noticed that their site loads fine, but ocsp.int-x3.letsencrypt.org often, but not always, takes excessively long to respond from some locations in China, particularly Shanghai.
@flyzy2005 if you could enable OCSP Stapling on your server (or ask your provider to) it would probably reduce the issues you’re seeing.
But, not all clients support this so it would still be very helpful (for you and everyone visiting sites that use Let’s Encrypt in China) if you could help the LE team with information from your network vantage point.
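A check for the OCSP stapling suggestion above, as an added example that is not part of the original thread: it parses the output of `openssl s_client -connect HOST:443 -status` and reports whether the server stapled a response and whether that response is still usable. The sample outputs, the clock value and the `check_stapling` helper are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed samples of `openssl s_client -connect HOST:443 -status` output.
NOT_STAPLED = "CONNECTED(00000003)\nOCSP response: no response sent\n---\n"
STAPLED = """CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Mar  1 10:00:00 2018 GMT
    Next Update: Mar  8 10:00:00 2018 GMT
---
"""

def _field(text, name):
    """Return the value of a 'Name: value' line, or None if absent."""
    m = re.search(rf"^[ \t]*{re.escape(name)}:[ \t]*(.+?)[ \t]*$", text, re.MULTILINE)
    return m.group(1) if m else None

def check_stapling(output, now):
    """Report whether the server stapled an OCSP response and if it is usable."""
    if "OCSP Response Data:" not in output:
        return {"stapled": False, "usable": False, "reason": "no stapled response"}
    status = _field(output, "OCSP Response Status") or ""
    cert_status = _field(output, "Cert Status")
    next_update = _field(output, "Next Update")
    expires = None
    if next_update:
        expires = datetime.strptime(next_update, "%b %d %H:%M:%S %Y GMT")
        expires = expires.replace(tzinfo=timezone.utc)
    if not status.startswith("successful"):
        reason = "responder status: " + (status or "missing")
    elif cert_status != "good":
        reason = "certificate status: " + str(cert_status)
    elif expires is None or expires <= now:
        reason = "stale response (past Next Update)"
    else:
        reason = "ok"
    return {"stapled": True, "usable": reason == "ok", "reason": reason,
            "cert_status": cert_status, "next_update": expires}

if __name__ == "__main__":
    now = datetime(2018, 3, 5, tzinfo=timezone.utc)  # constructed clock
    for name, sample in (("not stapled", NOT_STAPLED), ("stapled", STAPLED)):
        print(name, "->", check_stapling(sample, now))
```

Running it against real output after enabling stapling shows whether the server is actually attaching a fresh response, which is the case where a client that supports stapling does not need to reach the OCSP endpoint itself.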
I have no access to a Unix command line on my educational network. But I think it is not due to blocking, since I can sometimes connect to it quickly using the same network. I have no idea how to diagnose the problem since I have no experience with it. But when I cannot connect to it, the messages in Chrome and Firefox both show me "Establishing TLS handshakes..."
But when I used HTTP to visit another website hosted on the same VPS, it could respond quickly. So I suspected that it was caused by HTTPS. And of course, I have cleared all the cache.
And now I have found a particular educational network (used by one of my friends) on which I cannot establish HTTPS at all. Chrome always tells me that my website (flyzy2005.cn) may not be working now, but I can also connect to that HTTP website.
I also suspected that it may be caused by my VPS. But if I chose Aliyun, the ICP filing (备案) in China would be a problem. And compared with Vultr, for a VPS of the same size, the price at Aliyun is much higher - -
Anyway, thank you very much for your test and reply!