Encountering a redirect loop error through CertSage

I am sorry to hear that. You might try reviewing this list.

3 Likes

Again, I'm not convinced that it's GoDaddy. I'm using GoDaddy shared hosting (have for many years) and I've never had this issue. Admittedly, it would be nice if GoDaddy would help resolve the issue. Have you tried asking in GoDaddy's community forum? If you decide to do that, please be sure not to frame the problem as a certificate issue (because it's not a certificate issue). The 302 redirect loop should be the focus.

3 Likes

I think a more serious problem that I (again) reproduced is the "reset by peer". These 3 requests were made within seconds of each other. And, as with the odd 302, if I wait a bit after the 200 OK I will again get "reset by peer" once or twice before another 200 OK.

This almost has to be something in GoDaddy settings. Or, some odd security product. An Apache problem would be more consistent. An earlier thread I linked to earlier was resolved when GoDaddy adjusted something (wish they would have said what).

curl -i https://yidefaze.org
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to yidefaze.org:443

curl -i https://yidefaze.org
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to yidefaze.org:443

curl -i https://yidefaze.org
HTTP/2 200
vary: User-Agent,Accept-Encoding
last-modified: Mon, 22 May 2023 09:44:00 GMT
accept-ranges: bytes
content-length: 59658
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
content-type: text/html; charset=UTF-8
date: Mon, 22 May 2023 15:00:38 GMT
server: Apache

3 Likes

I think a more serious problem that I (again) reproduced is the "reset by peer". These 3 requests were made within seconds of each other. And, as with the odd 302, if I wait a bit after the 200 OK I will again get "reset by peer" once or twice before another 200 OK.

I am getting similar errors with my hosting service, as well. Some attempts fail during the TLS handshake and some attempts return the expected HTTP 404 Not Found response.

$ curl --verbose --insecure https://andersongomes.tech/.test/this-file-does-not-exist.txt
*   Trying 43.255.154.37:443...
* Connected to andersongomes.tech (43.255.154.37) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Recv failure: Connection reset by peer
* OpenSSL SSL_connect: Connection reset by peer in connection to andersongomes.tech:443 
* Closing connection 0
curl: (35) Recv failure: Connection reset by peer
$ curl --verbose --insecure https://andersongomes.tech/.test/this-file-does-not-exist.txt
*   Trying 43.255.154.37:443...
* Connected to andersongomes.tech (43.255.154.37) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=andersongomes.tech
*  start date: Mar 10 07:17:45 2023 GMT
*  expire date: Jun  8 07:17:44 2023 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /.test/this-file-does-not-exist.txt]
* h2h3 [:scheme: https]
* h2h3 [:authority: andersongomes.tech]
* h2h3 [user-agent: curl/8.0.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x5639c4952470)
> GET /.test/this-file-does-not-exist.txt HTTP/2
> Host: andersongomes.tech
> user-agent: curl/8.0.1
> accept: */*
> 
< HTTP/2 404 
< accept-ranges: bytes
< vary: Accept-Encoding
< content-length: 1699
< content-type: text/html
< date: Mon, 22 May 2023 20:50:05 GMT
< server: Apache
< 

I'm using GoDaddy shared hosting (have for many years) and I've never had this issue.

I have been using GoDaddy for three years and this is the first time I am experiencing this issue. I wish I could be as lucky as you are.

Unfortunately, the issue appears impossible to reproduce from within customer service's workstations because they are likely inside infrastructure boundaries and have direct access to the web server. Sadly, instead of trying to convince me about a possible problem on my client side, they came to this topic and shared with me the same Food for thought article that you shared, without even assessing that I am not running WordPress in my hosting service.

The WebSniffer service is showing the same results I am getting from my test workstation and, despite that, GoDaddy's customer service insisted on saying that nothing was wrong with the service without trying to convince me why.

Connections via HTTP protocol return HTTP/1.1 302 Found responses.

Connections via HTTPS protocol fail before the HTTP transaction starts.

Admittedly, it would be nice if GoDaddy would help resolve the issue.

They didn't. They asked me to check for issues with a programmer, instead.

This time, I am going to create some basic knowledge questions about networks and OSI layer and ask webhosting's customer service to answer my questions before I sign up.

2 Likes
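The posts above separate failures that end inside the TLS handshake from requests that reach HTTP and return a status. As an added example (not part of any poster's message), this sketch sorts a pasted curl session into those layers; the function names are hypothetical, and the sample session, with its `example.test` host and `192.0.2.10` address, is constructed.

```python
import re

# Constructed sample in the shape of the curl output in this thread.
# example.test and 192.0.2.10 are placeholders, not values from the thread.
SAMPLE = """\
$ curl --verbose https://example.test/.test/missing.txt
* Connected to example.test (192.0.2.10) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
curl: (35) Recv failure: Connection reset by peer
$ curl --verbose https://example.test/.test/missing.txt
* Connected to example.test (192.0.2.10) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
< HTTP/2 404 
$ curl --verbose http://example.test/.test/missing.txt
* Connected to example.test (192.0.2.10) port 80 (#0)
< HTTP/1.1 302 Found
"""

# Status line as printed by --verbose ("< HTTP/2 404") or by -i ("HTTP/2 200").
STATUS = re.compile(r"^(?:< )?HTTP/\S+ (\d{3})")

def split_attempts(transcript):
    """Split a pasted terminal session into one list of lines per curl call."""
    chunks = []
    for line in transcript.splitlines():
        if line.startswith(("$ curl ", "curl -")):
            chunks.append([])
        if chunks:
            chunks[-1].append(line)
    return chunks

def classify(lines):
    """Return (layer, detail) for the point at which one attempt ended."""
    for line in lines:
        m = STATUS.match(line)
        if m:
            return ("http", m.group(1))
    text = "\n".join(lines)
    if "reset by peer" not in text:
        return ("unknown", "no status line and no reset")
    if "Client hello" in text and "Server hello" not in text:
        return ("tls", "reset before Server hello")
    return ("tls", "reset during TLS connect")

def summarize(transcript):
    """Classify every curl attempt in the transcript, in order."""
    return [classify(chunk) for chunk in split_attempts(transcript)]
```

A result that mixes `tls` and `http` entries for the same URL within seconds is the intermittent pattern reported here, as opposed to a consistent server misconfiguration.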

Somebody out there must be aware of a recent change in the evidently common stack that implemented this 302 with relative location. Considering that this likely affected many millions of users, I just can't realistically believe we're the only ones noticing and discussing this.

3 Likes

It's not just a recent change though. I posted the below thread from last July earlier in this thread which has very similar symptoms. They got theirs resolved by working with GoDaddy.

There can be infrastructure issues that would affect only a subset of customers.

4 Likes

An update with my case: whatever had been misconfigured in GoDaddy's infrastructure was resolved, I am no longer getting HTTP/1.1 302 Found responses on requests to non-existing files, and I successfully got a new Let's Encrypt certificate for my domain.

$ curl --verbose http://andersongomes.tech/.test/this-file-does-not-exist.txt
*   Trying 43.255.154.37:80...
* Connected to andersongomes.tech (43.255.154.37) port 80 (#0)
> GET /.test/this-file-does-not-exist.txt HTTP/1.1
> Host: andersongomes.tech
> User-Agent: curl/8.0.1
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Date: Sun, 28 May 2023 06:06:41 GMT
< Server: Apache
< Upgrade: h2,h2c
< Connection: Upgrade
< Accept-Ranges: bytes
< Vary: Accept-Encoding
< Content-Length: 1699
< Content-Type: text/html
< 

4 Likes
