SSL is not working on mobile (The site can't be reached) example.co.uk refused to connect

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: example.co.uk (really sorry, but this is going to a production environment soon; if it's really needed then I will mention it)

I ran this command:

It produced this output:

My web server is (include version): Apache 2.4.56 (I just installed it with sudo apt install apache2)

The operating system my web server runs on is (include version): Debian 11

My hosting provider, if applicable, is: GCP

I can login to a root shell on my machine (yes or no, or I don't know): yes (sudo su -)

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I'm using SSH into the server, so a terminal is there

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0


I ran these commands:
command: curl -Iki https://example.co.uk/

output:

HTTP/1.1 200 OK
Date: Sun, 11 Jun 2023 18:32:47 GMT
Server: Apache/2.4.56 (Debian)
Set-Cookie: OSTSESSID=2lnbkrc0s6fka9mjfk9a23hkh5; expires=Sun, 11-Jun-2023 18:56:47 GMT; Max-Age=1440; path=/; domain=example.co.uk; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: frame-ancestors 'self';
Content-Language: en-US
Content-Type: text/html; charset=UTF-8


I even checked using SSL Server Test (Powered by Qualys SSL Labs)

getting

|Client|Result|
|---|---|
|Chrome 49 / XP SP3|Server sent fatal alert: handshake_failure|
|Safari 6 / iOS 6.0.1|Server sent fatal alert: handshake_failure|
|Safari 7 / iOS 7.1|Server sent fatal alert: handshake_failure|
|Safari 7 / OS X 10.9 R|Server sent fatal alert: handshake_failure|
|Safari 8 / iOS 8.4|Server sent fatal alert: handshake_failure|
|Safari 8 / OS X 10.10|Server sent fatal alert: handshake_failure|

Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No


I followed the installation guide (Certbot Instructions | Certbot) to the letter for my config


Port 443 is open, and also port 80.


The site is working in desktop and Mac browsers. It is showing an error: example.co.uk refused to connect.

This is really urgent. Kindly help me sort this out.

Cheers


Do you have an actual device that is failing? Or are you just concerned about the SSL Labs report?

Because even the letsencrypt.org site shows errors for those older systems. (link here)

For older Android devices you want to be sure to use the default "long chain" from Let's Encrypt. And, Certbot on Debian would do that by default so should be fine.

We are not a general support site for server config and older systems. We help with Let's Encrypt certs.

You need to be more specific about the exact error you are concerned about (what O/S, what is the error, which browser and version is failing, and so on). The domain name would help too. We are unpaid volunteers using our personal time. If you make it difficult for us to help we may choose not to.

7 Likes

Well, I have to say that an actual domain name would probably be the key to resolving this issue.
YES. Please provide your domain name so @MikeMcQ can help you resolve this issue.
;0)

4 Likes

Different operating systems support different TLS protocol versions and cipher suites. Old operating systems often don't speak TLS 1.2 or higher, or newer cipher suites.

So if your site is failing with an old device, that would be one of the most likely reasons. You can choose to enable older versions of TLS on your server to support old devices, but they are generally avoided in modern systems due to security concerns.

If your site is failing with a new device, I'd suggest that your set of enabled cipher suites is too limited, and the device can't negotiate a common suite with the server. It's also possible that the entire TLS config is wrong or not configured, but we can't really check that without knowing the domain.

2 Likes
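The post above separates two failure modes: a client that cannot agree on a TLS version or cipher suite, and a server that is not reachable at all. As an added example (not part of the thread), this Python probe reports which of the two a given host shows for a pinned TLS version and an optional cipher list; the `probe` function, the profile labels and the CBC-only cipher string are assumptions chosen for illustration, not any real device's configuration.

```python
import socket
import ssl

VERSIONS = {"TLS 1.2": ssl.TLSVersion.TLSv1_2, "TLS 1.3": ssl.TLSVersion.TLSv1_3}


def probe(host, port=443, version="TLS 1.2", ciphers=None, timeout=5.0):
    """Return (stage, detail): 'tcp_failed', 'tls_failed' or 'ok'."""
    # Stage 1: plain TCP. A failure here is the "refused to connect" class of
    # problem (firewall, listener, DNS) and has nothing to do with the certificate.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", type(exc).__name__)

    # Stage 2: TLS handshake pinned to one protocol version.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # this probe tests negotiation only,
    ctx.verify_mode = ssl.CERT_NONE     # not certificate validity
    ctx.minimum_version = ctx.maximum_version = VERSIONS[version]
    if ciphers:
        ctx.set_ciphers(ciphers)        # OpenSSL cipher string; applies to TLS <= 1.2
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} {tls.cipher()[0]}")
    except OSError as exc:              # ssl.SSLError and timeouts are OSError subclasses
        return ("tls_failed", getattr(exc, "reason", None) or type(exc).__name__)
    finally:
        raw.close()


if __name__ == "__main__":
    import sys

    host = sys.argv[1]
    # Constructed client profiles: the second one stands in for a client that
    # only offers older CBC suites.
    profiles = {
        "default suites": None,
        "CBC-only (constructed)": "ECDHE-RSA-AES128-SHA:AES128-SHA",
    }
    for version in VERSIONS:
        for label, suites in profiles.items():
            if version == "TLS 1.3" and suites:
                continue                # set_ciphers() does not affect TLS 1.3 suites
            print(version, "|", label, "|", probe(host, 443, version, suites))
```

A `tcp_failed` result from the failing network points at reachability rather than TLS, while `tls_failed` with a handshake alert for only the restricted profile points at the server's enabled cipher suites.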

FFS. If it weren't needed, it wouldn't have been asked for. Did you miss this bit:

so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

In any event, those outdated iOS versions are not compatible with Let's Encrypt's certificates. See

4 Likes
