My web site can not use SSL

http://www.billion.com
can not use ssl, i need help

thanks

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

2 Likes

FATAL
A fatal issue occurred during the DNS lookup process for billion.com/CAA.
DNS response for billion.com/CAA did not have an acceptable response code: SERVFAIL

i need help for my website in duda

If you require help, you’ll need to fill in the whole questionnaire I posted earlier! Not just brief snaps of the process, we need all information.

2 Likes

https://crt.sh/?q=www.billion.com

Hi @angelcheng

your name servers are completely buggy.

There are older checks - one and 1,5 hours old - https://check-your-website.server-daten.de/?q=billion.com

There your name servers are ok, they answer.

Domain Nameserver NS-IP
billion.com • vdns1.digitalunited.com 61.20.46.203
Jian’an/Taipei/Taiwan (TW) - Far EastTone Telecommunication Co., Ltd. •
• vdns2.digitalunited.com 61.20.46.204
Jian’an/Taipei/Taiwan (TW) - Far EastTone Telecommunication Co., Ltd. •

But checking from my pc:

dig CAA billion.com. @61.20.46.203
dig CAA billion.com. @61.20.46.204

Timeouts. Same with unboundtest - https://unboundtest.com/m/CAA/billion.com/KGXYQ5U2

Summary

Query results for CAA billion.com
----- Unbound logs -----
May 30 16:27:48 unbound[1049:0] notice: init module 0: validator
May 30 16:27:48 unbound[1049:0] notice: init module 1: iterator
May 30 16:27:48 unbound[1049:0] info: start of service (unbound 1.10.1).
May 30 16:27:49 unbound[1049:0] info: 127.0.0.1 billion.com. CAA IN
May 30 16:27:49 unbound[1049:0] info: resolving billion.com. CAA IN
May 30 16:27:49 unbound[1049:0] info: priming . IN NS
May 30 16:27:49 unbound[1049:0] info: response for . NS IN
May 30 16:27:49 unbound[1049:0] info: reply from <.> 2001:500:2f::f#53
May 30 16:27:49 unbound[1049:0] info: query response was ANSWER
May 30 16:27:49 unbound[1049:0] info: priming successful for . NS IN
May 30 16:27:49 unbound[1049:0] info: response for billion.com. CAA IN
May 30 16:27:49 unbound[1049:0] info: reply from <.> 2001:500:2f::f#53
May 30 16:27:49 unbound[1049:0] info: query response was REFERRAL
May 30 16:27:50 unbound[1049:0] info: response for billion.com. CAA IN
May 30 16:27:50 unbound[1049:0] info: reply from <com.> 2001:503:231d::2:30#53
May 30 16:27:50 unbound[1049:0] info: query response was REFERRAL
May 30 16:27:50 unbound[1049:0] info: resolving vdns2.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: priming . IN NS
May 30 16:27:50 unbound[1049:0] info: resolving vdns1.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: priming . IN NS
May 30 16:27:50 unbound[1049:0] info: response for . NS IN
May 30 16:27:50 unbound[1049:0] info: reply from <.> 192.58.128.30#53
May 30 16:27:50 unbound[1049:0] info: query response was ANSWER
May 30 16:27:50 unbound[1049:0] info: priming successful for . NS IN
May 30 16:27:50 unbound[1049:0] info: priming successful for . NS IN
May 30 16:27:50 unbound[1049:0] info: response for vdns2.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: reply from <.> 192.203.230.10#53
May 30 16:27:50 unbound[1049:0] info: query response was REFERRAL
May 30 16:27:50 unbound[1049:0] info: response for vdns1.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: reply from <.> 2001:7fd::1#53
May 30 16:27:50 unbound[1049:0] info: query response was REFERRAL
May 30 16:27:50 unbound[1049:0] info: response for vdns2.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: reply from <com.> 2001:502:8cc::30#53
May 30 16:27:50 unbound[1049:0] info: query response was REFERRAL
May 30 16:27:50 unbound[1049:0] info: response for vdns1.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: reply from <com.> 192.31.80.30#53
May 30 16:27:50 unbound[1049:0] info: query response was REFERRAL
May 30 16:27:50 unbound[1049:0] info: response for vdns2.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: reply from <digitalunited.com.> 61.20.46.203#53
May 30 16:27:50 unbound[1049:0] info: query response was ANSWER
May 30 16:27:50 unbound[1049:0] info: response for vdns1.digitalunited.com. AAAA IN
May 30 16:27:50 unbound[1049:0] info: reply from <digitalunited.com.> 61.20.46.203#53
May 30 16:27:50 unbound[1049:0] info: query response was ANSWER
May 30 16:27:51 unbound[1049:0] info: response for vdns2.digitalunited.com. AAAA IN
May 30 16:27:51 unbound[1049:0] info: reply from <digitalunited.com.> 61.20.46.204#53
May 30 16:27:51 unbound[1049:0] info: query response was nodata ANSWER
May 30 16:27:51 unbound[1049:0] info: response for vdns1.digitalunited.com. AAAA IN
May 30 16:27:51 unbound[1049:0] info: reply from <digitalunited.com.> 61.20.46.204#53
May 30 16:27:51 unbound[1049:0] info: query response was nodata ANSWER
May 30 16:27:53 unbound[1049:0] info: Capsforid: timeouts, starting fallback

Error running query: read udp 127.0.0.1:38168->127.0.0.1:1053: i/o timeout

So the online tool (from Berlin) can see your name servers. A pc from Berlin can’t. Same Unboundtest / Letsencrypt.

2 Likes

can you tell me where online tool,i very need
and thanks your help

1 Like

5-go-daddy-ex 6-google-domain-ex

duda Provide how to use it,so have noCAA, so i do not standuand.

It’s not a problem of your configuration.

It’s a problem of your buggy name servers.

And you can’t fix it, because you don’t manage your name servers.

The owners of

vdns1.digitalunited.com
vdns2.digitalunited.com

have to do that.

Only thing you can do: Change your name servers.

But that may be impossible.

PS: Letsencrypt must check if there is a CAA record. If the name servers don’t answer or if they answer wrong (with a Servfail instead of NoData), Letsencrypt isn’t allowed to create a certificate. That’s a global rule.

2 Likes

thank your very much.

Donc, cette question peut s’appliquer pour SSL?

because duda give me the answer

Thanks for reaching out!

It seems like there are some links in this site that are not secured which are the reason the SSL failure. You can see an example here.​

Non-secure links or resources can cause the page to be flagged as non-secure, even if it has an SSL certificate. Things you need to make sure are secure are:

  • Images
  • Cascading style sheets (CSS)
  • Javascript

You can check to see if these things are secure by checking how they’re linked in your code. Secure external links begin with http s , while non-secure links begin with http . Local content that uses a relative path will automatically adopt SSL when it is installed on a domain.

How to fix
If you find any links that are http , you need to make them secure.
To fix unsecured links, you need to make sure that your HTML code either calls locally hosted elements via a relative path, such as:

/images.logo.png
/includes/script.js

Or, if they’re called by their absolute path, you need to be sure the link includes the http s .

https://mydomain.com/images/logo.png
https://mydomain.com/includes/script.js

Let us know if you have more questions.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.