Encryption works for a short time, but then it doesn't

rogers · August 4, 2022, 2:33pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: diseasemonitor.semrdemo.com

I ran this command: browser access of site shows not secure. It did work correctly for a few minutes. I didn't change anything in the meantime.

It produced this output: not secure

My web server is (include version): apache2 2.4.54

The operating system my web server runs on is (include version):Ubuntu 22.04

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.29.0

Bruce5051 · August 4, 2022, 2:38pm

Hello @rogers , and welcome to the LE community forum

~~It seems like this is a DNS issue; no DNS records for diseasemonitor.semrdemo.com nor semrdemo.com~~
DS Lookup - Check DNS DS Records of a Domain
DS Lookup - Check DNS DS Records of a Domain

Scratch that I was using the wrong tool

Certificate Transparency logs looks fine.

rogers · August 4, 2022, 2:41pm

Hmm. Must be an issue with godaddy. I set this up hours ago. Thank you. At least now I know where to look.

Will I need to reinstall the certs once DNS is working properly?

MikeMcQ · August 4, 2022, 2:43pm

I don't see the same DNS problem that Bruce describes.

I connect just fine using both http and https to that domain name.

What I do see is that you accept connections on http where you should be redirecting those to https. Could the problem you see be related to not using https:// specifically?

rogers · August 4, 2022, 2:45pm

Of course, I've tried that a number of times and seen failures. But just now when I did, all is working correctly. I'm going to start drinking early today

Bruce5051 · August 4, 2022, 2:46pm

Sorry I messed up; used the wrong tool.

MikeMcQ · August 4, 2022, 2:46pm

You should redirect http requests to https. Who or how did your Apache config get updated?

curl -I http://diseasemonitor.semrdemo.com
HTTP/1.1 200 OK
Date: Thu, 04 Aug 2022 14:45:35 GMT
Server: Apache/2.4.54 (Ubuntu)
Upgrade: h2,h2c
(other headers omitted)

rogers · August 4, 2022, 2:47pm

I did that.
Will correct it now.

Bruce5051 · August 4, 2022, 2:47pm

SSL Labs test good SSL Server Test: diseasemonitor.semrdemo.com (Powered by Qualys SSL Labs)

rogers · August 4, 2022, 2:52pm

Hmm. My rewrite was there. servername was incorrect.

Bruce5051 · August 4, 2022, 2:54pm

Using Redirect Checker | Check your Statuscode 301 vs 302 with http://diseasemonitor.semrdemo.com
I does not show any redirect.

rogers · August 4, 2022, 2:55pm

I just corrected is 20 seconds ago.

MikeMcQ · August 4, 2022, 2:56pm

Yeah, I see it redirect fine.

curl -I http://diseasemonitor.semrdemo.com
HTTP/1.1 301 Moved Permanently
Date: Thu, 04 Aug 2022 14:55:35 GMT
Server: Apache/2.4.54 (Ubuntu)
Location: https://diseasemonitor.semrdemo.com/

rogers · August 4, 2022, 2:57pm

Thank you guys. Your help was greatly appreciated.

Bruce5051 · August 4, 2022, 2:57pm

Yes you did as shown here:

Rip · August 5, 2022, 1:19am

I can se it. Looks good to me.