Hello,
Our site is not accessible from the outside but it is accessible locally. I don't know what is the problem.
The whynopadlock site tells me that the SSL certificate tests failed and it asks me to be sure that we can connect to our site via SSL
Our site is accessible in https inside the university. Can you give me an idea of what it could be
My domain is:
https://elearning.univ-bejaia.dz/
Thank you in advance for your help
It looks to me that when trying to connect, the connection just closes immediately without TLS being negotiated. Probably, you have some firewall in place or the like stopping the connection, or the server isn't actually running properly. I'm not sure if there's much people here can do in order to help you; you'd need to look at logs on your firewalls and on your servers to see where the packets are going and what is closing the connection.
thank you very much for your answer, our site is accessible inside the university (locally) in https, it is not accessible from the outside (from the internet). The problem occurred right after the firewall manager updated the firewall. I would like to know if the firewall can cause this problem.
I'll check in the server logs, I don't have access to the firewall, I'll ask his manager to check.
Thank you very much for your help.
I'm not sure what you've managed to do in 1 hour time in the later afternoon / early evening, but from my point of view (Europe), your site is perfectly reachable through HTTPS.
Yes, it is accessible just now because the firewall manager has just restarted the firewall. But, it becomes inaccessible again after a while, I don't know why. So I guess it's not a certificate issue. Maybe the firewall is blocking connections after a certain number of users access the site?
I have no idea why your firewall is acting up so strangely, but I indeed agree with you that this most likely is NOT a problem with the certificate.
Thank you very much for your help
I'll keep looking, hoping I find something.
unfortunately, the site is inaccessible again
The connection is terminated by your IP address (from my point of view unknown if that's the firewall or something else behind that IP address) after the client has send its "ClientHello" message from the TLS protocol.
It's impossible to know why from here. There could be something in the webservers log or there could be something in the firewalls log.
what is strange is that other sites are accessible for example
I did not find anything special in the server logs knowing that the site is accessible inside the university at the moment
I will see with the manager of the firewall if he finds something in the logs of the firewall
Hi @pipa_85
Hope this sheds some light on the issue at hand...
Would using a 302 redirect instead of a 301 redirect make a firewall malfunction? 
I don't know what 301 and 302 redirects mean I have to search the internet
host elearning.univ-bejaia.dz =>
elearning.univ-bejaia.dz has address 193.194.94.10
traceroute lands on 193.194.94.10 after 25 hops from my location.
My pings are successful to 193.194.94.10.
Doesn't make me lean on a firewall as a first suspect.
However:
PORT STATE SERVICE VERSION
22/tcp filtered ssh
80/tcp open ssl/http
443/tcp open https?
Is interesting. Should look more like this:
PORT STATE SERVICE VERSION
22/tcp filtered ssh
80/tcp open http
443/tcp open ssl/https
Excuse me, I don't know if I understood correctly. do you mean that our firewall is misconfigured?
@Osiris has suggested the possibility. As did @petercooperjr
It is possible.
Doesn't make sense to me.
So whoever maintains the servers and/or firewall(s) for elearning.univ-bejaia.dz should be consulted to discover more information.
I fall the side of a mis-configuration on the server. But again to quote @petercooperjr ,
I manage the server, I haven't changed anything today. The problem appeared right after the firewall manager updated the firewall (today). When the administrator restarts the firewall, the platform becomes accessible again for a while and then becomes inaccessible again. I did not find anything interesting in the server logs and the site is accessible inside the university (locally) at this moment, I will ask the administrator to show me the firewall logs and I will keep you informed.
Thank you all very much for your very precious help.
Hello,
The firewall manager is on leave. With the system administrator we deactivated the IPS in the firewall policy of our site, so, our site became accessible again from the outside. Apparently, it was the IPS that was blocking access to our site, I wonder why. The IPS is activated on the other sites and these sites are accessible from the outside but you should know that these sites are not secured with https. So, I deduce that the IPS only blocks SSL connections.
In the ssl logs of the firewall, we found lines that display the content of the attached image. I don't know if it's serious.
I wonder why the IPS is blocking SSL access to our site? I will search on that.
So the problem is caused by the firewall and not by the server, right?
Maybe your server doesn't recognise the "ISRG Root X1" root certificate as trusted?
Which would be weird, as the "ISRG Root X1" root is already in all major root stores since 2016. But perhaps this would be the reason? I dunno.
Are more Let's Encrypt sites behind that firewall?
You mean the firewall doesn't recognise the "ISRG Root X1" root certificate as trusted?
because our site worked very well with let's encrypt, this problem appeared after updating the firewall.
unfortunately, only our site is secured with https which makes it difficult to understand this problem.
