SSL/TLS certificates turning on and off throughout the day

My domain security (my SSL/TLS certificates) seems to keep going in and out causing google to block people from entering my website for a couple of hours a day a couple of days a week.

Help would greatly be appreciated as my website is a crucial part of my business.

My domain is: crt.sh | ilanasmethod.com

My web server is landing (like click funnels).

Looking forward to a response!

Regards, Ilana.

Welcome @ilana

Certificates do not "turn on and off" throughout the day. They are just files that your server uses. They are either valid or not. And, your cert looks to be fine as shown by your crt.sh link and this SSL Cert test site and SSL Labs even gives the security setup an A score.

But, servers can behave poorly and yours likely is. I can't even see the home page to inspect it much.

curl -i https://www.ilanasmethod.com

HTTP/2 403
content-length: 93
cache-control: no-cache
content-type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>

I see a number of other problems. I think you need to spend time learning about server admin.

  1. Your website does not redirect from http to https
  2. Your apex domain (ilanasmethod.com) DNS is different than your www domain name. Your apex lists 1 IP address and your www is a CNAME to 3 IP addresses
  3. Your cert is only for www domain but should include the apex too

The 3 IP addresses for your www domain are all separate EC2 instances. If you see different behavior it is likely related to your DNS and AWS config.

3 Likes

Thank you for your detailed response!

You're right this is most likely the issue as I do remember messing around with the DNS records with my CRM Guy without really knowing what we were doing.

This is something that definitely needs to be fixed, but as opposed to learning this stuff myself I would rather hire an expert who could take a deep look into my website and guide me so that it gets resolved correctly from the start.

Do you know anyone I could hire?

I don't know the scope of help you need. But, you could ask either of the people in this thread

2 Likes

Appreciate it.

I basically need what you did (and maybe even a deeper dive if necessary), and help to implement it.

I'd recommend you find a local web development company and explain the type of servers you are using, that you have a load balanced setup using multiple servers and that you need to sort out the website certificates on each server so they are consistent and automatically renewed.

If this isn't your specialist subject I would recommend seeking local help from people who do this work regularly.

Website certificates need to cover all of the names the website will be known as (so in your case at least www.ilanasmethod.com and ilanasmethod.com) and the automatic renewal of the certificate every 90 days or so must work across all the servers (or, just have one reliable and backed up server, instead of multiple servers). Certificate domain validation across multiple servers is slightly trickier than just having one server and using http validation.

4 Likes