Can't connect to my websites through https


#1

Hi. Yesterday I had a problem with all my websites ( 7 websites and they all have let’s encrypt certificates ) and couldn’t connect to any of them through https! curl was giving me " (35) Unknown SSL protocol error in connection ".

It was strange that all of them happened to have that problem at the same time and without changing any of the configuration at all.

Worth mentioning that I was able to connect to them with https through proxy but not through my ip (Wifi or mobile data).

Is it something with my ISP (I was connecting to facebook, google, etc… on https normally) ? and what could be the reason for that? they are all working again now normally (except one) through https and again without changing anything.

EDIT: Just after posting this I was checking the websites again and the problem is back!


#2

It sounds like a miss-configuration on your apache / nginx.

Can you provide a little more detail about your setup ? ( domain name, operating system, apache / nginx / other version … )


#3

domain name: droopksa.com
system: ubuntu 14.04
server: nginx

IIRC I did the configuration 2 weeks ago and everything was working normally until yesterday and I haven’t changed any of the configuration since then. Right now I can only connect to the website through http.


#4

Well, it works fine for me, so hopefully working for most people.

What browser are you using ? can you try a different one, and clear the cache on the browser ?


#5

browsers: chrome, firefox, edge, android chrome, ios safari (on different computers and phones)
networks: wifi and mobile data

Is there any chance that this problem is caused by the ISP?


#6

Yes, it’s possible - can you connect OK via a proxy ?


#7

Yes … and I can curl the https requests from any of my servers to another, but when I do curl on my computer I get “(35) Unknown SSL protocol error in connection”.

If it was caused by the ISP, are they blocking the requests to 443 ports? I have an eighth website that wasn’t affected by all the problems while It has the same configuration as the other 7! what could be the problem if it was caused by the ISP?


#8

what’s the 8th site that is OK ? maybe there is some configuration difference ( for example the droopksa.com site does allow weak Diffie-Hellman (DH) key exchange ( see https://www.ssllabs.com/ssltest/analyze.html?d=droopksa.com ) maybe your ISP is being proactive and blocking due to that - you may want to check the 8th site and see if it is the same or there are differences.


#9

domain name: prayer-now.com
This is the domain that wasn’t affected by the problem since it started yesterday


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.