Over 20 seconds to open site after renewing SSL certificate!

Hi

Set up the SSL for the first time for my domain BIZWEB360.com, everything was working fine.

A few days back the license was renewed automatically on my site; now it takes over 20 seconds versus 3 seconds earlier to load!!!

http://bizweb360.com/

Tried to run the site without SSL; the load time was back to about 3 seconds.

Thanks,
Manny

1 Like

The certificate itself won’t affect that. Running on exceptionally slow hardware can make TLS pages load slower, but that shouldn’t be an issue unless you’re on embedded and/or decades-old hardware. You should look at your browser’s developer tools and see what’s taking so long to load. It’ll break out each and every resource. Maybe you have a resource loading from somewhere else taking forever?

1 Like

Looks like it’s just not a fast server to me, downloading at 7.5kb/sec.

# curl 'https://bizweb360.com' > out.test
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 91350    0 91350    0     0   7525      0 --:--:--  0:00:12 --:--:--  7992

For example, in Chromium or Chrome, if you have the Developer Tools open while loading a page, it will show a “waterfall chart” indicating how long each resource took to load and why.

There does seem to be something very wrong with your site. For example, right now this single static file is taking several minutes to load for me and is only downloading at a few kilobytes per second.

1 Like

Hi Seth,

Thanks for quickly getting back to me. I will cc the server person and developer on the email to resolve this quickly.

We are using AWS. I don’t think server hardware is an issue.

Thanks,
Manny

I have a similar problem. I have an instance in AWS LightSail, I set up for the plan with 4GB RAM and 2vCPU. I installed the LetsEncrypt certificate last week and my entire site started to get slow. Including the management part of Wordpress.

Could this have to do with some configuration of my certificate? Does it need to configure something to redirect http to https? Could this be slowing down the site?

Thank you in advance for your help.

Hi Bruno,

We didn’t have this problem earlier.

This happened last week for us also!!!

We updated the certificates and all the sites are senile now!

We have an AWS setup similar to yours. We troubleshot like crazy by eliminating one component at a time and concluded it’s the SSL.

I suspect something changed on the Let’s Encrypt or AWS side which is now conflicting.

1 Like

Given the way SSL/TLS works, it is close to impossible that a change on the CA side could affect performance this way.

That said, something that could certainly cause this is an issue with the web server configuration. If you used certbot with the apache plugin, which automatically modifies your apache configuration to enable HTTPS, it could even be specific to the HTTPS vhost if the configuration was written in a way that would cause certbot to get confused. If disabling HTTPS reproducibly reduces the loading time, that’s certainly a possibility.

It would be useful if you could share all apache configuration files that were changed from the default configuration (i.e. the configuration after a clean install of apache), plus the files added by certbot (if you used certbot with the apache plugin), plus possibly any relevant logs from apache’s error log.

2 Likes

Thanks for the answers Manny and Patrick. I followed this article to make the settings on my server: https://digitaldavo.wordpress.com/2016/01/13/using-free-letsencrypt-https-ssl-on-bitnami-lamp-on-ec2/

It’s certainly a problem with Apache as Patrick commented, but I have not figured it out yet.

I’ll try to post here the data that Patrick asked for.

hi @brunoliveiralcantara @Manny

can we try doing this in a scientific manner?

for example have either of you reached out to amazon to check if there are any datacentre issues or network speed issues?

Start with the observed root cause:

The websites are loading slow

Work on likely possibilities

A) Servers and Networks are slower (have either of you ruled this out)
B) Have you compared HTTP only loads vs HTTPS loads
C) What is the CPU and RAM usage of your servers
D) Do you have any historic records and is the usage higher
E) Have you made any changes (updating OpenSSL libraries, updating Apache/Nginx)

Generally saying the renewal made things slow down without a shred of evidence or a structured approach is not an approach I would use (and I have been involved in troubleshooting lots of slow applications)

Andrei

1 Like

Hi

A) Servers and Networks are slower (have either of you ruled this out)
ANS: I am using AWS t2.medium and my HTTP sites are working fine. The issue is in HTTPS only.

B) Have you compared HTTP only loads vs HTTPS loads
ANS: I am using instance-to-instance LB. For testing I have stopped my load balancer.

C) What is the CPU and RAM usage of your servers
This is my server: t2.medium, vCPU 2, Memory 4MB. And usage is fine.

D) Do you have any historic records and is the usage higher
No

E) Have you made any changes (updating OpenSSL libraries, updating Apache/Nginx)
No, only added a new domain and ran the SSL add command. But my SSL renewed one day back for all; after that the sites are slow.

Hi brunoliveiralcantara

As per my findings, I have not updated Apache and no changes were made recently.

Here is my CPU and memory usage
CPU
load average: 0.02, 0.08, 0.03

Memory
total used free shared buff/cache available
Mem: 3950 356 2963 81 630

My server apache conf files

<VirtualHost *:80>
ServerName bizweb360.com
ServerAlias www.bizweb360.com

RewriteEngine On
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>

<VirtualHost 172.31.56.43:443>
ServerName bizweb360.com
ServerAlias www.bizweb360.com

DocumentRoot /var/www/html/domain/oATvjLPiuy
# SSL Certificate settings
SSLEngine on
SSLCertificateFile      /etc/letsencrypt/live/www.bizweb360.com/fullchain.pem
SSLCertificateKeyFile       /etc/letsencrypt/live/www.bizweb360.com/privkey.pem
#SSLCertificateChainFile /etc/letsencrypt/live/www.bizweb360.com/chain.pem

BandWidthModule On
ForceBandWidthModule On
BandWidth all 8048

CBandLimit 1G
CBandExceededSpeed 128 5 15
CBandScoreboard /tmp/scoreboard/bizweb360.com.scoreboard
CBandPeriod 4W
<Location /cband-status-me>
RewriteCond %{REQUEST_URI} !=/cband-status-me
SetHandler cband-status-me
</Location>

<Directory /var/www/html/domain/oATvjLPiuy>
        DirectoryIndex index.html default.php welcome.php index.php
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Require all granted
</Directory>

ErrorLog /var/log/apache2/bizweb360.com-error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel error

CustomLog /var/log/apache2/bizweb360.com-access.log combined
</VirtualHost>

1 Like

One easy check to see if the speed is an HTTPS issue (either cert or config) is to put up a static file, something somewhat large like a 50 megabyte image and then time downloading it over HTTP and HTTPS using a tool like cURL. Obviously, you can’t have a redirect in place for this test.

Since the server just has to serve a static file, any major speed difference between the two attempts will mostly eliminate the application software as a point of problem.

So for all of the people having slowness problems, have you tried downloading a single large static file over HTTPS to see if that is also slow?

The original user complaining about this, @Manny, has a site where downloading a large JPEG file takes a long time (several minutes!), so there is some underlying problem that makes everything slow. That’s not necessarily the case for every site.

Similarly, have you all tried using something like the Chromium/Chrome developer tools where it displays the times that each resource took to load, and the reasons that each took a particular amount of time?

Hi,

This site is encrypted through Let’s Encrypt also, but doesn’t have the loading time issue.

It is on the same server; everything is the same except the site certificate has not been renewed yet after the original setup.

We removed the SSL and ran the bizweb360 site on a different server; it was fine. We are going to do the same on this server and run the site on HTTP and see.

Manny

I might be missing something, but the documentation for mod_bw indicates that …

BandWidth all 8048

… limits the bandwidth available to each client to 8048 bytes per second. This roughly matches the speed at which I can load the site. I haven’t waited for the full site to load yet, but it’s definitely > 1MB, so a limit of 8 kbyte/s seems rather low here.

(I’m not familiar with mod_cband, but I’d double-check whether any of those directives introduce similar limits.)

3 Likes
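
As an added example (not part of the original thread or any poster's tooling): a small Python audit that walks an Apache configuration, reports which virtual host each mod_bw `BandWidth` rule sits in, and flags mod_cband limit/speed directives for manual review. The sample configuration is constructed by trimming the one posted above, the function names are hypothetical, and the "bytes per second, 0 means unlimited" reading of `BandWidth` is an assumption based on the mod_bw description quoted in the post.

```python
import re

# Constructed sample, trimmed from the configuration posted in the thread.
SAMPLE_CONF = """\
<VirtualHost *:80>
ServerName bizweb360.com
RewriteEngine On
</VirtualHost>
<VirtualHost 172.31.56.43:443>
ServerName bizweb360.com
SSLEngine on
BandWidthModule On
ForceBandWidthModule On
BandWidth all 8048
CBandLimit 1G
CBandExceededSpeed 128 5 15
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost>", re.I)
# Assumed mod_bw syntax: "BandWidth <origin> <bytes per second>", 0 = no limit.
BW_RULE = re.compile(r"BandWidth\s+(\S+)\s+(\d+)$", re.I)
# mod_cband limit/speed directives are flagged for review, not interpreted.
CBAND = re.compile(r"(CBand\w*(?:Limit|Speed))\b", re.I)

def audit(conf_text):
    """Return one finding per throttling directive, tagged with its vhost."""
    findings, vhost = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := VHOST_OPEN.match(line):
            vhost = m.group(1).strip()
        elif VHOST_CLOSE.match(line):
            vhost = None
        elif m := BW_RULE.match(line):
            if (rate := int(m.group(2))) > 0:
                findings.append({"vhost": vhost, "line": lineno,
                                 "directive": "BandWidth", "bytes_per_sec": rate})
        elif m := CBAND.match(line):
            findings.append({"vhost": vhost, "line": lineno,
                             "directive": m.group(1), "bytes_per_sec": None})
    return findings

def min_transfer_seconds(size_bytes, bytes_per_sec):
    """Lower bound on download time for a payload under a byte-rate cap."""
    return size_bytes / bytes_per_sec
```

Here the only `BandWidth` rule is inside the `:443` vhost, which is why plain HTTP looked fast, and `min_transfer_seconds(91350, 8048)` gives roughly 11.4 seconds, in line with the 12 seconds curl reported earlier in the thread for the 91350-byte page.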

Yes, I am checking this. Maybe this bandwidth is causing the issue.
Thanks

@Manny @Zaffar

One other difference between your wam360.com site and your bizweb360.com is that the wam360 site uses what seems to be a CDN. Most of the content is served up from what looks like a CDN (cdn.wam360.com), which could explain why the wam360 site is not having issues with loading.

Andrei

1 Like

Hi,

Thanks for all the help. We were able to fix the issue. The download speed as pointed out was 8 Kb, which had been changed. We couldn’t find out the reason, but the site is working fine now.

Thanks
Manny