Slow negotiation

paolobenve · October 16, 2017, 9:38am

Hi! I successfully generated the certificates, but sites are loading very slowly in browser.

the sites are on a debian jessie server where pound listens on port 443 and negotiaties the certificates, passing to varnish, passing to apache.

With curl I see:

$ curl -v https://www.qumran2.net
* Rebuilt URL to: https://www.qumran2.net/
*   Trying 5.9.68.170...
* Connected to www.qumran2.net (5.9.68.170) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1

here it waits 3 seconds, then continues:

* SSL connection using TLS1.2 / DHE_RSA_AES_256_GCM_SHA384
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: www.qumran2.net (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=www.qumran2.net
* 	 start date: Fri, 13 Oct 2017 20:08:40 GMT
* 	 expire date: Thu, 11 Jan 2018 20:08:40 GMT
* 	 issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
* 	 compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: www.qumran2.net
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Mon, 16 Oct 2017 08:02:32 GMT
< Set-Cookie: PHPSESSID=ef1008e8acd174c8180384a421765e41; path=/
< Cache-Control: max-age=0, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Set-Cookie: u=https%3A%2F%2Fwww.qumran2.net%2F; expires=Tue, 31-Oct-2017 08:02:32 GMT; Max-Age=1296000; path=/
< Set-Cookie: visited=1; expires=Mon, 16-Oct-2017 14:02:32 GMT; Max-Age=21600; path=/
< Set-Cookie: vecchioutente=1; expires=Sun, 23-Aug-2020 00:02:32 GMT; Max-Age=90000000; path=/
< Vary: Accept-Encoding
< X-Mod-Pagespeed: 1.12.34.2-0
< Content-Type: text/html; charset=utf-8
< Age: 5266
< X-Cache: cached
< Transfer-Encoding: chunked
< Connection: keep-alive
< Accept-Ranges: bytes
< 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

I’m wondering if there is something wrong with the certificates…

tialaramex · October 16, 2017, 9:42am

Very unlikely to be a certificate problem. The certificate is just a (digital) document presented to prove your identity, much more likely this is a configuration mistake or network problem.

system · November 15, 2017, 9:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.