Our site is not accessible from the outside but it is accessible locally. I don't know what is the problem.
The whynopadlock site tells me that the SSL certificate tests failed and it asks me to be sure that we can connect to our site via SSL
Our site is accessible in https inside the university. Can you give me an idea of what it could be
It looks to me that when trying to connect, the connection just closes immediately without TLS being negotiated. Probably, you have some firewall in place or the like stopping the connection, or the server isn't actually running properly. I'm not sure if there's much people here can do in order to help you; you'd need to look at logs on your firewalls and on your servers to see where the packets are going and what is closing the connection.
thank you very much for your answer, our site is accessible inside the university (locally) in https, it is not accessible from the outside (from the internet). The problem occurred right after the firewall manager updated the firewall. I would like to know if the firewall can cause this problem.
I'll check in the server logs, I don't have access to the firewall, I'll ask his manager to check.
Thank you very much for your help.
Yes, it is accessible just now because the firewall manager has just restarted the firewall. But, it becomes inaccessible again after a while, I don't know why. So I guess it's not a certificate issue. Maybe the firewall is blocking connections after a certain number of users access the site?
The connection is terminated by your IP address (from my point of view unknown if that's the firewall or something else behind that IP address) after the client has send its "ClientHello" message from the TLS protocol.
It's impossible to know why from here. There could be something in the webservers log or there could be something in the firewalls log.
what is strange is that other sites are accessible for example
I did not find anything special in the server logs knowing that the site is accessible inside the university at the moment
I will see with the manager of the firewall if he finds something in the logs of the firewall
You use a 302 redirect . This means, that the actually content is temporary not reachable and will come back soon. To use a 302 redirection for generally moved pages is a bad idea. Search engine bot might not follow it or handle it as temporary. For SEO this is also a bad idea, because no link juice will be transferred to the linked page.
Hope this sheds some light on the issue at hand...
I manage the server, I haven't changed anything today. The problem appeared right after the firewall manager updated the firewall (today). When the administrator restarts the firewall, the platform becomes accessible again for a while and then becomes inaccessible again. I did not find anything interesting in the server logs and the site is accessible inside the university (locally) at this moment, I will ask the administrator to show me the firewall logs and I will keep you informed.
Thank you all very much for your very precious help.
The firewall manager is on leave. With the system administrator we deactivated the IPS in the firewall policy of our site, so, our site became accessible again from the outside. Apparently, it was the IPS that was blocking access to our site, I wonder why. The IPS is activated on the other sites and these sites are accessible from the outside but you should know that these sites are not secured with https. So, I deduce that the IPS only blocks SSL connections.
In the ssl logs of the firewall, we found lines that display the content of the attached image. I don't know if it's serious.
I wonder why the IPS is blocking SSL access to our site? I will search on that.
So the problem is caused by the firewall and not by the server, right?
You mean the firewall doesn't recognise the "ISRG Root X1" root certificate as trusted?
because our site worked very well with let's encrypt, this problem appeared after updating the firewall.
unfortunately, only our site is secured with https which makes it difficult to understand this problem.