Number of sites accessible via broadband but not via 4G


#1

My domain is: 178.79.169.171

I ran this command: attempted accessing sites hosted on this server via 4G (EE in the UK)

It produced this output: returns SSL error (NSURLErrorDomain in Firefox for IOS)

My web server is (include version): Nginx 1.14.0

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No all via SSH

I have been accessing sites (all with separate SSL certs) at this IP address via my mobile network provider (EE.co.uk) without hitch at least up until yesterday now I get SSL/server not secure errors.

I can still access the sites via regular broadband (tried a few providers to be sure) - other people seem to access the sites no problem via their own 4G networks.

Various online SSL checks show the certificates to be valid. Other sites with SSL certs I look after on a different server with a similar set up are still accessible via 4G.

Domains on the same host that don’t have SSL are still accessible.

Thanks


#2

Hi @Pezzab

there is a certificate with two domain names. Is this

https://chethamarms.co.uk/

your domain? If yes: If you use the ip address, the certificate is invalide. Because the certificate has only the two names

chethamarms.co.uk www.chethamarms.co.uk

So use https://chethamarms.co.uk/ - and it’s ok.


#3

Also, if those are the FQDNs, they resolve to both IPv4 and IPv6 addresses.
Ensure that both are working.
For me, the IPv6 address is returning “Connection refused”.


#4

Yes it is, thank you for the super quick response!


#5

To confirm I should only use one version of the domain for the certificate (i.e. just chethamarms.co.uk) not two yes?


#6

Ah I forgot to delete the IPV6 entries from my DNS manager


#7

No, exact wrong.

If you have a domain name chethamarms.co.uk, there are always people who add www.

So you should have 2 ports and 2 domain names and correct redirects http -> https and https / not preferred version -> https / preferred version. But your site is good ( https://check-your-website.server-daten.de/?q=chethamarms.co.uk ):


Domainname Http-Status redirect Sec. G
http://chethamarms.co.uk/
178.79.169.171 301 https://chethamarms.co.uk/ 0.050 A
http://www.chethamarms.co.uk/
178.79.169.171 301 https://www.chethamarms.co.uk/ 0.043 A
https://www.chethamarms.co.uk/
178.79.169.171 301 https://chethamarms.co.uk/ 2.253 B
https://chethamarms.co.uk/
178.79.169.171 200 1.937 B

Every version answers, three correct redirects, one https version with http status 200.

So every user (and every search engine) has the same version - https + non-www.

There are sometimes sites with two certificates (one domain name per certificate). But I think, the version with one certificate and two domain names is easier. And it’s better then having a wrong certificate (www-version) or a timeout (not preferred version doesn’t answer).


#8

Thanks again JuergenAuer :+1:t4:


#9

Just reporting back to say that the issue seems to have been resolved by deleting IPv6 addresses from my Linode DNS manager.

I had forgotten that I’d let Linode populate the DNS entries with a default setup that included IPv6 which wasn’t needed.

This appears to be the solution in my case.

Thanks again rg305 and JuergenAuer :slightly_smiling_face::+1:t4: