This site can’t provide a secure connection

Total noob here :frowning:

After updating packages on Ubuntu Linux 14.04.5 and updating Apache to 2.4.29, browsers periodically give “This site can’t provide a secure connection” (ERR_SSL_PROTOCOL_ERROR). After I refresh the web page several times, a secure connection is established :frowning:

All web domains on this server on which I have installed certbot/letsencrypt are giving this error periodically. After several refreshes, the connection is back to normal. Let’s test this domain for example: https://www.theiaap.com/

Error logs do not give me anything special, but I noticed this error on one of the domains when I tried to renew:
Hook command “/bin/run-parts /etc/letsencrypt/pre-hook.d/” returned error code 1
Error output from run-parts:
run-parts: failed to open directory /etc/letsencrypt/pre-hook.d/: No such file or directory

I’m using Cloudflare just for NameServers.

Hi @vladoank,

Your site looks fine when tested at

https://www.ssllabs.com/ssltest/analyze.html?d=www.theiaap.com

Are there particular browsers that give this error or does it happen for people only on a particular network? It could be a case of a firewall interfering with the connection in some way.

Thanks for your reply.

I made all the tests that I knew. Different ISP connections, different locations, restarted the server, reinstalled the certificates, disabled the antivirus, disabled the firewall, etc. … and still this error appears :frowning:

Can the error be caused by .htaccess files? Maybe the browsers cache in something :expressionless:

ErrorDocument 404 /new3/404/index.php

Header set Cache-Control "max-age=2592000, public"
<filesMatch "\\.(css)$">
	Header set Cache-Control "max-age=604800, public"
</filesMatch>

<filesMatch "\\.(js)$">
	Header set Cache-Control "max-age=604800, private"
</filesMatch>

<filesMatch "\\.(html|htm|php)$">
	Header set Cache-Control "max-age=1, private, must-revalidate"
</filesMatch>

I ran a Fiddler capture. This is the error it gives:

The server (80.77.157.82) presented a certificate that did not validate, due to RemoteCertificateNameMismatch, RemoteCertificateChainErrors.

0 - A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Can you get it to save the certificate in question?

New to fiddler … I will try and return back.

Again total noob here :slight_smile:

I managed to catch the two certificates with Wireshark and convert them from DER format to PEM format. This is what I get:

Certificate: 3082050e308203f6a003020102021203a27a784bcc92996f… (id-at-commonName=www.theiaap.com)

Certificate: 308204923082037aa00302010202100a0141420000015385… (id-at-commonName=Let’s Encrypt Authority X3,id-at-organizationName=Let’s Encrypt,id-at-countryName=US)

Hope this helps!

Those two certificates are correct. Did the browser reject the certificates on this connection?

Which browser was it? Have you tried other browsers as well? Is there any way to get more technical detail out of the browser about the reason that it refuses to connect?

Once more thank you for your reply!

Well now I’m not sure who is rejecting the certificates, or even if the problem is about the certificates :frowning:

Here are some Chrome captures:

205449: SOCKET
https://theiaap.com/
Start Time: 2018-01-09 09:28:10.879

t=210542 [st= 0] +SOCKET_IN_USE [dt=43]
–> source_dependency = 210714 (HTTP_STREAM_JOB)
t=210543 [st= 1] SOCKET_BYTES_SENT
–> byte_count = 562
t=210543 [st= 1] SSL_SOCKET_BYTES_SENT
–> byte_count = 533
t=210585 [st=43] SOCKET_BYTES_RECEIVED
–> byte_count = 7
t=210585 [st=43] SOCKET_BYTES_SENT
–> byte_count = 31
t=210585 [st=43] SSL_ALERT_SENT
–> hex_encoded_bytes =
02 14 …
t=210585 [st=43] SSL_READ_ERROR
–> error_lib = 16
–> error_reason = 112
–> file = “…/…/third_party/boringssl/src/ssl/ssl_aead_ctx.cc”
–> line = 244
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
–> ssl_error = 1
t=210585 [st=43] SOCKET_CLOSED
t=210585 [st=43] -SOCKET_IN_USE
t=210585 [st=43] -SOCKET_IN_USE
t=210585 [st=43] -SOCKET_ALIVE

210710: URL_REQUEST
https://theiaap.com/new3/signin/
Start Time: 2018-01-09 09:28:10.877

t=210540 [st= 0] +REQUEST_ALIVE [dt=45]
–> priority = “HIGHEST”
–> url = "https://theiaap.com/new3/signin/"
t=210540 [st= 0] +URL_REQUEST_DELEGATE [dt=1]
t=210540 [st= 0] DELEGATE_INFO [dt=1]
–> delegate_blocked_by = "extension AdBlock"
t=210541 [st= 1] -URL_REQUEST_DELEGATE
t=210541 [st= 1] +URL_REQUEST_START_JOB [dt=44]
–> load_flags = 37121 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE | VALIDATE_CACHE | VERIFY_EV_CERT)
–> method = “GET”
–> url = "https://theiaap.com/new3/signin/"
t=210541 [st= 1] URL_REQUEST_DELEGATE [dt=0]
t=210542 [st= 2] HTTP_CACHE_GET_BACKEND [dt=0]
t=210542 [st= 2] HTTP_CACHE_OPEN_ENTRY [dt=0]
–> net_error = -2 (ERR_FAILED)
t=210542 [st= 2] HTTP_CACHE_CREATE_ENTRY [dt=0]
t=210542 [st= 2] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=210542 [st= 2] +HTTP_STREAM_REQUEST [dt=1]
t=210542 [st= 2] HTTP_STREAM_JOB_CONTROLLER_BOUND
–> source_dependency = 210713 (HTTP_STREAM_JOB_CONTROLLER)
t=210543 [st= 3] HTTP_STREAM_REQUEST_BOUND_TO_JOB
–> source_dependency = 210714 (HTTP_STREAM_JOB)
t=210543 [st= 3] -HTTP_STREAM_REQUEST
t=210543 [st= 3] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=210543 [st= 3] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
–> GET /new3/signin/ HTTP/1.1
Host: theiaap.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, br
Accept-Language: en,mk;q=0.9
Cookie: [97 bytes were stripped]
t=210543 [st= 3] -HTTP_TRANSACTION_SEND_REQUEST
t=210543 [st= 3] +HTTP_TRANSACTION_READ_HEADERS [dt=42]
t=210543 [st= 3] HTTP_STREAM_PARSER_READ_HEADERS [dt=42]
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=210585 [st=45] -HTTP_TRANSACTION_READ_HEADERS
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=210585 [st=45] -URL_REQUEST_START_JOB
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=210585 [st=45] URL_REQUEST_DELEGATE [dt=0]
t=210585 [st=45] -REQUEST_ALIVE
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)

210714: HTTP_STREAM_JOB
https://theiaap.com/
Start Time: 2018-01-09 09:28:10.879

t=210542 [st=0] +HTTP_STREAM_JOB [dt=1]
–> expect_spdy = “false”
–> original_url = “https://theiaap.com/”
–> priority = “HIGHEST”
–> source_dependency = 210713 (HTTP_STREAM_JOB_CONTROLLER)
–> url = “https://theiaap.com/”
–> using_quic = "false"
t=210542 [st=0] HTTP_STREAM_JOB_WAITING [dt=0]
–> should_wait = false
t=210542 [st=0] +HTTP_STREAM_JOB_INIT_CONNECTION [dt=0]
t=210542 [st=0] +HOST_RESOLVER_IMPL_REQUEST [dt=0]
–> address_family = 0
–> allow_cached_response = true
–> host = “theiaap.com:443”
–> is_speculative = false
t=210542 [st=0] HOST_RESOLVER_IMPL_IPV6_REACHABILITY_CHECK
–> cached = true
–> ipv6_available = false
t=210542 [st=0] -HOST_RESOLVER_IMPL_REQUEST
–> net_error = -804 (ERR_DNS_CACHE_MISS)
t=210542 [st=0] +SOCKET_POOL [dt=0]
t=210542 [st=0] SOCKET_POOL_REUSED_AN_EXISTING_SOCKET
–> idle_ms = 294217
t=210542 [st=0] SOCKET_POOL_BOUND_TO_SOCKET
–> source_dependency = 205449 (SOCKET)
t=210542 [st=0] -SOCKET_POOL
t=210542 [st=0] -HTTP_STREAM_JOB_INIT_CONNECTION
t=210542 [st=0] HTTP_STREAM_REQUEST_PROTO
–> proto = "http/1.1"
t=210543 [st=1] HTTP_STREAM_JOB_BOUND_TO_REQUEST
–> source_dependency = 210710 (URL_REQUEST)
t=210543 [st=1] -HTTP_STREAM_JOB

The problem is that it is happening randomly (probably randomly). Sometimes it connects, sometimes it fails. If I persistently (let’s say 3-4 times) refresh the page, eventually it gets connected.

In Wireshark I see that the connection gets established and the certificate is transferred. But later this happens:
No. Time Source Destination Protocol Length Info
264 17.403307 80.77.157.82 192.168.0.102 TCP 1494 443 → 19925 [ACK] Seq=28957 Ack=1139 Win=31488 Len=1440 [TCP segment of a reassembled PDU]
265 17.403309 80.77.157.82 192.168.0.102 TLSv1.2 740 Application Data
266 17.403448 192.168.0.102 80.77.157.82 TCP 54 19925 → 443 [ACK] Seq=1139 Ack=31083 Win=66048 Len=0
267 26.024263 192.168.0.102 80.77.157.82 TCP 66 19940 → 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
268 26.024539 192.168.0.102 80.77.157.82 TCP 66 19941 → 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
269 26.024758 192.168.0.102 80.77.157.82 TCP 66 19942 → 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
270 26.024978 192.168.0.102 80.77.157.82 TCP 66 19943 → 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
271 26.031739 192.168.0.102 80.77.157.82 TLSv1.2 599 Application Data
272 26.040699 80.77.157.82 192.168.0.102 TCP 68 443 → 19940 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1440 SACK_PERM=1 WS=128
273 26.040700 80.77.157.82 192.168.0.102 TCP 68 443 → 19941 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1440 SACK_PERM=1 WS=128
274 26.040700 80.77.157.82 192.168.0.102 TCP 68 443 → 19943 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1440 SACK_PERM=1 WS=128
275 26.040700 80.77.157.82 192.168.0.102 TCP 68 443 → 19942 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1440 SACK_PERM=1 WS=128
276 26.040700 80.77.157.82 192.168.0.102 TLSv1.2 64 Alert (Level: Fatal, Description: Unexpected Message)
277 26.040701 80.77.157.82 192.168.0.102 TCP 56 443 → 19925 [FIN, ACK] Seq=31090 Ack=1684 Win=32640 Len=0
278 26.041003 192.168.0.102 80.77.157.82 TCP 54 19940 → 443 [ACK] Seq=1 Ack=1 Win=66048 Len=0
279 26.041105 192.168.0.102 80.77.157.82 TCP 54 19941 → 443 [ACK] Seq=1 Ack=1 Win=66048 Len=0
280 26.041161 192.168.0.102 80.77.157.82 TCP 54 19943 → 443 [ACK] Seq=1 Ack=1 Win=66048 Len=0
281 26.041212 192.168.0.102 80.77.157.82 TCP 54 19942 → 443 [ACK] Seq=1 Ack=1 Win=66048 Len=0
282 26.041998 192.168.0.102 80.77.157.82 TLSv1.2 571 Client Hello
283 26.042155 192.168.0.102 80.77.157.82 TLSv1.2 571 Client Hello
284 26.042190 192.168.0.102 80.77.157.82 TLSv1.2 571 Client Hello
285 26.042412 192.168.0.102 80.77.157.82 TLSv1.2 571 Client Hello
286 26.042849 192.168.0.102 80.77.157.82 TCP 54 19925 → 443 [ACK] Seq=1684 Ack=31091 Win=66048 Len=0
287 26.043240 192.168.0.102 80.77.157.82 TLSv1.2 85 Encrypted Alert
288 26.043312 192.168.0.102 80.77.157.82 TCP 54 19925 → 443 [FIN, ACK] Seq=1715 Ack=31091 Win=66048 Len=0
289 26.049363 80.77.157.82 192.168.0.102 TCP 56 443 → 19941 [ACK] Seq=1 Ack=518 Win=30336 Len=0
290 26.049363 80.77.157.82 192.168.0.102 TCP 56 443 → 19940 [ACK] Seq=1 Ack=518 Win=30336 Len=0
291 26.049363 80.77.157.82 192.168.0.102 TCP 56 443 → 19943 [ACK] Seq=1 Ack=518 Win=30336 Len=0
292 26.049364 80.77.157.82 192.168.0.102 TCP 56 443 → 19925 [RST] Seq=31091 Win=0 Len=0
293 26.049364 80.77.157.82 192.168.0.102 TCP 56 443 → 19925 [RST] Seq=31091 Win=0 Len=0
294 26.049364 80.77.157.82 192.168.0.102 TCP 56 443 → 19942 [ACK] Seq=1 Ack=518 Win=30336 Len=0
295 26.049365 80.77.157.82 192.168.0.102 TLSv1.2 210 Server Hello, Change Cipher Spec, Encrypted Handshake Message
296 26.050606 192.168.0.102 80.77.157.82 TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
297 26.050898 80.77.157.82 192.168.0.102 TLSv1.2 210 Server Hello, Change Cipher Spec, Encrypted Handshake Message
298 26.050899 80.77.157.82 192.168.0.102 TLSv1.2 210 Server Hello, Change Cipher Spec, Encrypted Handshake Message
299 26.050899 80.77.157.82 192.168.0.102 TLSv1.2 210 Server Hello, Change Cipher Spec, Encrypted Handshake Message
300 26.052102 192.168.0.102 80.77.157.82 TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
301 26.052194 192.168.0.102 80.77.157.82 TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
302 26.052453 192.168.0.102 80.77.157.82 TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
303 26.104355 80.77.157.82 192.168.0.102 TCP 56 443 → 19940 [ACK] Seq=157 Ack=569 Win=30336 Len=0
304 26.104356 80.77.157.82 192.168.0.102 TCP 56 443 → 19941 [ACK] Seq=157 Ack=569 Win=30336 Len=0
305 26.104356 80.77.157.82 192.168.0.102 TCP 56 443 → 19943 [ACK] Seq=157 Ack=569 Win=30336 Len=0
306 26.104357 80.77.157.82 192.168.0.102 TCP 56 443 → 19942 [ACK] Seq=157 Ack=569 Win=30336 Len=0
307 26.399087 192.168.0.102 80.77.157.82 TCP 66 19944 → 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
308 26.402601 192.168.0.102 80.77.157.82 TLSv1.2 599 Application Data
309 26.416404 80.77.157.82 192.168.0.102 TCP 68 443 → 19944 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1440 SACK_PERM=1 WS=128
310 26.416405 80.77.157.82 192.168.0.102 TLSv1.2 64 Alert (Level: Fatal, Description: Unexpected Message)
311 26.416405 80.77.157.82 192.168.0.102 TCP 56 443 → 19917 [FIN, ACK] Seq=159491 Ack=13667 Win=57728 Len=0
312 26.416725 192.168.0.102 80.77.157.82 TCP 54 19944 → 443 [ACK] Seq=1 Ack=1 Win=66048 Len=0
313 26.417404 192.168.0.102 80.77.157.82 TLSv1.2 571 Client Hello
314 26.418236 192.168.0.102 80.77.157.82 TCP 54 19917 → 443 [ACK] Seq=13667 Ack=159492 Win=66048 Len=0
315 26.418400 192.168.0.102 80.77.157.82 TLSv1.2 85 Encrypted Alert
316 26.418896 192.168.0.102 80.77.157.82 TCP 54 19917 → 443 [FIN, ACK] Seq=13698 Ack=159492 Win=66048 Len=0
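
An added example, not part of the thread or of any participant's post: Python that parses chrome://net-internals text like the captures above, decodes the two alert bytes logged under SSL_ALERT_SENT, and reports whether the failed read happened on a pooled socket that had been reused after sitting idle. The function names and the merged sample text are constructed for this illustration; the alert codes are the standard TLS 1.2 values.

```python
import re

# TLS alert levels and a subset of descriptions (RFC 5246, section 7.2).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
    70: "protocol_version", 80: "internal_error",
}

# Constructed sample: events copied from the SOCKET and HTTP_STREAM_JOB
# captures in the thread and merged into one text (forum "–>" kept as posted).
SAMPLE_NETLOG = """\
t=210542 [st=0] SOCKET_POOL_REUSED_AN_EXISTING_SOCKET
–> idle_ms = 294217
t=210585 [st=43] SOCKET_BYTES_RECEIVED
–> byte_count = 7
t=210585 [st=43] SSL_ALERT_SENT
–> hex_encoded_bytes =
02 14 …
t=210585 [st=43] SSL_READ_ERROR
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
"""

EVENT_RE = re.compile(r"^t=\s*(\d+)\s+\[st=\s*(\d+)\]\s+[+-]?(\w+)")
# Accept both the ASCII arrow and the en-dash form produced by forum software.
PARAM_RE = re.compile(r"^(?:-->|\u2013>)\s*(\w+)\s*=\s*(.*)$")

def parse_events(text):
    """Return a list of {"t", "name", "params"} dicts from net-internals text."""
    events, last_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if m:
            events.append({"t": int(m.group(1)), "name": m.group(3), "params": {}})
            last_key = None
        elif events:
            p = PARAM_RE.match(line)
            if p:
                last_key = p.group(1)
                events[-1]["params"][last_key] = p.group(2).strip()
            elif last_key:
                # Continuation line, e.g. the hex dump after "hex_encoded_bytes =".
                params = events[-1]["params"]
                params[last_key] = (params[last_key] + " " + line).strip()
    return events

def decode_alert(hex_bytes):
    """Decode (level, description) from the first two octets of an alert body."""
    octets = re.findall(r"\b[0-9a-fA-F]{2}\b", hex_bytes)  # ignores a trailing "…"
    if len(octets) < 2:
        return None
    level, desc = int(octets[0], 16), int(octets[1], 16)
    return (ALERT_LEVELS.get(level, f"unknown({level})"),
            ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"))

def summarize(text):
    out = {"reused_idle_ms": None, "alert_sent": None, "net_error": None}
    for ev in parse_events(text):
        p = ev["params"]
        if ev["name"] == "SOCKET_POOL_REUSED_AN_EXISTING_SOCKET" and "idle_ms" in p:
            out["reused_idle_ms"] = int(p["idle_ms"])
        elif ev["name"] == "SSL_ALERT_SENT":
            out["alert_sent"] = decode_alert(p.get("hex_encoded_bytes", ""))
        elif ev["name"] == "SSL_READ_ERROR" and "net_error" in p:
            out["net_error"] = p["net_error"]
    out["failed_on_reused_socket"] = (out["reused_idle_ms"] is not None
                                      and out["net_error"] is not None)
    return out
```

For the events quoted in the thread, `summarize(SAMPLE_NETLOG)` reports a fatal `bad_record_mac` alert sent by the browser on a socket reused after 294217 ms idle. The server's "Unexpected Message" alert in the Wireshark listing corresponds to alert bytes `02 0a`.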

Inside the Cloudflare panel, go to Crypto --> SSL and check whether it's Full. The status should show as Active Certificate. I think it's related to Cloudflare.

It is set to FULL (strict). Status Active Certificate.

Should I change something here?

I am using only Full, not Full (strict).

Is there some other setting you have enabled regarding SSL?

Thank you for your reply :slight_smile:

Set to FULL. Let’s hope for the best :slight_smile: Please note that my orange cloud is disabled (it is actually grey).

But I’m very suspicious … everything worked fine until I did the updates. Domains that were set on FLEXIBLE worked fine. Now they are also causing this random appearance. For example, this site is working with some requests and periodically fails. It failed on this link:

412645: URL_REQUEST
https://photoclubkragujevac.com/trains/body_status.php
Start Time: 2018-01-09 11:52:00.632

t=215345 [st= 0] +REQUEST_ALIVE [dt=10]
–> priority = “MEDIUM”
–> url = "https://photoclubkragujevac.com/trains/body_status.php"
t=215345 [st= 0] +URL_REQUEST_DELEGATE [dt=1]
t=215345 [st= 0] DELEGATE_INFO [dt=1]
–> delegate_blocked_by = "extension AdBlock"
t=215346 [st= 1] -URL_REQUEST_DELEGATE
t=215346 [st= 1] +URL_REQUEST_START_JOB [dt=9]
–> load_flags = 33026 (BYPASS_CACHE | MAYBE_USER_GESTURE | VERIFY_EV_CERT)
–> method = “POST”
–> upload_id = “0”
–> url = "https://photoclubkragujevac.com/trains/body_status.php"
t=215347 [st= 2] URL_REQUEST_DELEGATE [dt=0]
t=215347 [st= 2] HTTP_CACHE_GET_BACKEND [dt=0]
t=215347 [st= 2] +HTTP_STREAM_REQUEST [dt=0]
t=215347 [st= 2] HTTP_STREAM_JOB_CONTROLLER_BOUND
–> source_dependency = 412647 (HTTP_STREAM_JOB_CONTROLLER)
t=215347 [st= 2] HTTP_STREAM_REQUEST_BOUND_TO_JOB
–> source_dependency = 412648 (HTTP_STREAM_JOB)
t=215347 [st= 2] -HTTP_STREAM_REQUEST
t=215347 [st= 2] +UPLOAD_DATA_STREAM_INIT [dt=0]
t=215347 [st= 2] UPLOAD_DATA_STREAM_INIT [dt=0]
–> is_chunked = false
–> net_error = 0 (?)
–> total_size = 36
t=215347 [st= 2] -UPLOAD_DATA_STREAM_INIT
–> is_chunked = false
–> net_error = 0 (?)
–> total_size = 36
t=215347 [st= 2] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=215347 [st= 2] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
–> POST /trains/body_status.php HTTP/1.1
Host: photoclubkragujevac.com
Connection: keep-alive
Content-Length: 36
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Origin: https://photoclubkragujevac.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
DNT: 1
Referer: https://photoclubkragujevac.com/trains/
Accept-Encoding: gzip, deflate, br
Accept-Language: en,mk;q=0.9
Cookie: [574 bytes were stripped]
t=215347 [st= 2] HTTP_TRANSACTION_SEND_REQUEST_BODY
–> did_merge = false
–> is_chunked = false
–> length = 36
t=215347 [st= 2] +UPLOAD_DATA_STREAM_READ [dt=0]
–> current_position = 0
t=215347 [st= 2] UPLOAD_DATA_STREAM_READ [dt=0]
–> current_position = 0
t=215347 [st= 2] -UPLOAD_DATA_STREAM_READ
t=215347 [st= 2] UPLOAD_DATA_STREAM_READ [dt=0]
–> current_position = 36
t=215347 [st= 2] -HTTP_TRANSACTION_SEND_REQUEST
t=215347 [st= 2] +HTTP_TRANSACTION_READ_HEADERS [dt=8]
t=215347 [st= 2] HTTP_STREAM_PARSER_READ_HEADERS [dt=8]
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=215355 [st=10] -HTTP_TRANSACTION_READ_HEADERS
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=215355 [st=10] -URL_REQUEST_START_JOB
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=215355 [st=10] URL_REQUEST_DELEGATE [dt=0]
t=215355 [st=10] -REQUEST_ALIVE
–> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)

After a refresh the connection was established :frowning:

Contact Cloudflare support or check its forum. You can find answers there.