Rebuilt Ookla Speedtest Server Failing HTTPS from Certain Browsers

I am having a strange issue after rebuilding our speedtest server. The OOKLA client is happy with the renewed certs, but if you navigate to https://speedtest.waveruralconnect.com, sometimes it will work, and other times it will display an SSL error: "An ssl error has occurred and a secure connection to the server cannot be made". The cert renewal went well according to the certbot output, and I am pointing to the correct cert. What's got me really stumped is that OOKLA and ssllabs are also happy with the server's HTTPS. Our server is online according to Ookla and being used for tests.

My domain is:
speedtest.waveruralconnect.com

I ran this command:

It produced this output:

My web server is (include version):
Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.40.0

Please check the bindings, IPv4 seems to work while IPv6 seems to always fail:

Name:      speedtest.waveruralconnect.com
Addresses: 2602:fdfc:0:8::2
           170.176.224.5

curl -Iki6 https://speedtest.waveruralconnect.com
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
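The per-address check from the reply above, generalised to every A and AAAA record of a name, as an added example that is not part of the original thread. The function names are hypothetical, and the local plaintext listener is a constructed stand-in that reproduces the `wrong version number` failure offline.

```python
import socket
import ssl
import threading

# Hint for the reason curl reported in the thread; other reasons pass through as-is.
HINTS = {"WRONG_VERSION_NUMBER": "reply was not a TLS record (commonly plain HTTP on this port)"}

def probe_address(family, sockaddr, server_name, timeout=5.0):
    """One TLS handshake against one address; returns 'ok <version>' or the failure reason."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # testing the listener, not the certificate chain
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.socket(family, socket.SOCK_STREAM) as raw:
            raw.settimeout(timeout)
            raw.connect(sockaddr)
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                return "ok " + tls.version()
    except ssl.SSLError as exc:     # must precede OSError, its base class
        reason = exc.reason or "SSL_ERROR"
        return reason + (": " + HINTS[reason] if reason in HINTS else "")
    except OSError as exc:
        return "failed: " + str(exc)

def probe_host(host, port=443):
    """Probe every A and AAAA address of host separately, like curl -4 and curl -6."""
    rows = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        rows.append((label, sockaddr[0], probe_address(family, sockaddr, host)))
    return rows

def plaintext_listener():
    """Constructed stand-in for a port that answers in plain HTTP; returns its port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(4096)         # swallow the ClientHello
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for row in probe_host("127.0.0.1", plaintext_listener()):
        print(*row)
```

Calling `probe_host` with a real hostname reports each address family on its own line, which exposes a listener that works on one family and fails on the other.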

rg305,
thank you! That worked like a champ.


I did think of one more question. I know that port 80 had to be open to get started, but can it be closed after the HTTPS certificate has been issued, and will renewals continue to work? Or does certbot/letsencrypt have to have port 80 open?

The next renewal will also be started via port 80 (HTTP).
See:
Best Practice - Keep Port 80 Open - Let's Encrypt (letsencrypt.org)

Great, thank you. I will keep redirect turned on as per the article.
