Everything seemed to work fine, but then SSL stopped working


#1

A few days ago, I started with letsencrypt. We already had a SSL certificate for certain pages, but not sitewide (eg for payment pages, we never had any problems with those).
It’s a Windows Server with Apache, so I generated everything with letsencrypt-simple-win client. Updated my https-ssl.conf file to use the new certificates, restarted Apache and voila, everything worked fine for our test domain.

After making sure everything worked on test, I repeated the steps for our production domain. Everything went smooth and after some more testing I sent out an email to others involved letting them know that we now had sidewide SSL.

No 20 minutes later I get a panicked mail that our site was down. Somehow the website timed out. So I disabled the forced use of SSL and could reach the site via http just fine. The apache service is also still running and I can’t find anything of interest in the log files. Still https keeps timing out.

So after some googling, some minor config changes and some more testing on our test site (which is by the way hosted on the same server, just another subdomain), I tried again yesterday. Again, it took about 20 minutes before SSL went down.

I’m no server admin, just a webdev, so my knowledge about this stuff is limited. What can I do to troubleshoot?


#2

If it’s working for 20 mins, then stops working, I’d check your log files to see if there are clues there. There is noting in the general Apache that would stop it working ( it either works, or doesn’t … rather than only working for a while).

What happens when it’s not working ? is it that there is no communication at all ? there is an incorrect certificate ? if so for what domain ? ,


#3

there’s nothing of interest in the log files. Nothing in the error logs, just a regular request in the access logs.
There’s no error, just a timeout (the server is taking too long to respond). But only when I go to https. When I try to reach the same site through http it’s fine.


#4

is the DNS OK ?

Are you happy to provide your domain name ?


#5

no sorry, not allowed to post the domain name on a public forum :slight_smile: (this forum doesn’t seem to have private messages, or am I blind?).

Could dns errors cause SSL to crash? A quick online test tool showed some errors for the www url, which is our default (non www traffic gets redirected). The non www url showed no errors in this test tool.


#6

I’ve sent you a private message.

DNS won’t cause the SSL to crash, no - but could be giving issues with redirects that you tend to notice more with https for some reason.


#7

You do realise all the certificates issued by Let’s Encrypt are publically viewable and send to certificate transparency logs?


#8

yes I do realize that, it’s just that I don’t want the url to come up in google as having ssl issues, i.e. I don’t want it connected to this topic :wink:


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.