Trouble finding Charter Communications as Web Hoster

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://www.nettranscorp.org

I ran this command: URL: "https://www.nettranscorp.org"

It produced this output: " This site can’t provide a secure connection

www.nettranscorp.org uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Charter Communications, Inc. biz.rr.com

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): FileZilla 3.69.6

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): unestablished at this time.

domainerror
domainerror829×421 3.08 KB

2

Hello @nettranscorp,

The domain name www.nettranscorp.org does not appear to be serving HTTPS only HTTP.

$ curl -Ii http://www.nettranscorp.org:80
HTTP/1.1 409 Conflict
Date: Fri, 08 May 2026 22:06:22 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 9f8bc5712b85fef4-PDX

$ curl -Ii http://www.nettranscorp.org:443
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Fri, 08 May 2026 22:06:26 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -

$ curl -Ii https://www.nettranscorp.org:443
curl: (35) OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure

$ curl -Ii https://www.nettranscorp.org:80
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number

Edit: and shown here Hardenize Report: nettranscorp.org

Edit 2: also note that nettranscorp.org has a name mismatch for the TLS (formerly SSL) certificate https://decoder.link/sslchecker/nettranscorp.org/443 that is yolasite.com
after we get past the name mismatch nettranscorp.org redirects to www.nettranscorp.org

$ curl -k -Ii https://nettranscorp.org
HTTP/2 302
date: Fri, 08 May 2026 22:30:10 GMT
content-type: text/html
content-length: 142
lookup-cache-hit: 1
location: https://www.nettranscorp.org/
server: nginx
x-hrouter: hrouter3

Note that nettranscorp.org is running nginx where www.nettranscorp.org is running cloudflare, not a problem just reveling the complexity of this setup.
As well as this excerpt of DNS

nettranscorp.org.    	300	A	52.2.192.9            
www.nettranscorp.org.    	300	CNAME	sitebuilderhostsite.net.

And nettranscorp.org seems to be ec2-52-2-192-9.compute-1.amazonaws.com

Edit 3:

openssl s_client -connect www.nettranscorp.org:443 -servername www.nettranscorp.org -state -debug 
$ openssl s_client \
  -connect www.nettranscorp.org:443 \
  -servername www.nettranscorp.org \
  -state -debug
CONNECTED(00000003)
SSL_connect:before SSL initialization
write to 0xaaab180875f0 [0xaaab18173f70] (322 bytes => 322 (0x142))
0000 - 16 03 01 01 3d 01 00 01-39 03 03 f0 fe bb 8e 65   ....=...9......e
0010 - f9 fb dc bc e3 56 bd 19-aa 13 81 ef a3 b2 c2 c5   .....V..........
0020 - 36 43 8d 68 07 58 2e 23-5d b5 ec 20 bc b8 c2 7a   6C.h.X.#].. ...z
0030 - bf 3e 72 94 a6 bb 40 1b-8a 16 fe 34 52 3d a0 86   .>r...@....4R=..
0040 - 09 50 d9 49 45 82 01 f6-e8 42 a7 c5 00 3e 13 02   .P.IE....B...>..
0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa   .....,.0........
0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27   .+./...$.(.k.#.'
0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d   .g.....9.....3..
0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 b2   ...=.<.5./......
0090 - 00 00 00 19 00 17 00 00-14 77 77 77 2e 6e 65 74   .........www.net
00a0 - 74 72 61 6e 73 63 6f 72-70 2e 6f 72 67 00 0b 00   transcorp.org...
00b0 - 04 03 00 01 02 00 0a 00-16 00 14 00 1d 00 17 00   ................
00c0 - 1e 00 19 00 18 01 00 01-01 01 02 01 03 01 04 00   ................
00d0 - 23 00 00 00 16 00 00 00-17 00 00 00 0d 00 2a 00   #.............*.
00e0 - 28 04 03 05 03 06 03 08-07 08 08 08 09 08 0a 08   (...............
00f0 - 0b 08 04 08 05 08 06 04-01 05 01 06 01 03 03 03   ................
0100 - 01 03 02 04 02 05 02 06-02 00 2b 00 05 04 03 04   ..........+.....
0110 - 03 03 00 2d 00 02 01 01-00 33 00 26 00 24 00 1d   ...-.....3.&.$..
0120 - 00 20 be 72 a1 30 a1 8b-d1 de bd c2 98 1f 1f 24   . .r.0.........$
0130 - 44 1f 40 01 19 e4 34 d1-7a a4 3c 07 de 69 65 57   D.@...4.z.<..ieW
0140 - c9 3d                                             .=
SSL_connect:SSLv3/TLS write client hello
read from 0xaaab180875f0 [0xaaab1816ad43] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 02                                    .....
read from 0xaaab180875f0 [0xaaab1816ad48] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in error
2080B796FFFF0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1599:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 322 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0xaaab180875f0 [0xaaab18044200] (8192 bytes => 0)
openssl s_client -connect nettranscorp.org:443 -servername nettranscorp.org 
$ openssl s_client \
  -connect nettranscorp.org:443 \
  -servername nettranscorp.org
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.yolasite.com
verify return:1
---
Certificate chain
 0 s:CN = *.yolasite.com
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 19 00:00:00 2026 GMT; NotAfter: Mar 22 23:59:59 2027 GMT
 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Nov  2 12:24:33 2017 GMT; NotAfter: Nov  2 12:24:33 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGHzCCBQegAwIBAgIQBZGs2HaRD1uBhODuRQF9pzANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
MB4XDTI2MDIxOTAwMDAwMFoXDTI3MDMyMjIzNTk1OVowGTEXMBUGA1UEAwwOKi55
b2xhc2l0ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoLbTJ
lotxeqCIzyPM8tMZq6w6ppWfuw7xKbs845QHBcMGKbWnbi11Ql9lOjecOg7PytSz
AjEJZL/wdNtc1rU1nB5R5wmTXRsQT1tDyI0z8sVAJVZfYS1EBzZYBIb7SKBzy2OM
YB3/bHncyKT34Ak1sJ0AxP1F+LhLozhXFYW7fEe+I8RfQ6YuyXPz0HBJozb9q5cC
I4ydKbIbsLsg2MAVNQ5RMz4afDjyY/cKHGrFpxhNkke3HtLkBowMl1yJy+vxM3J9
EyTwH3L9s45HAbdQElKgahhgPsRMksSA6fD3bBnbhQbOrSXO2VVOCq11/H/qt61D
Orz4sdk2liJf8rndAgMBAAGjggMaMIIDFjAfBgNVHSMEGDAWgBQM22yCSQ9KZwq4
FO56xEhSiOtWODAdBgNVHQ4EFgQUNsunjTHQk9f7xVTOcqmPcpd7nwMwJwYDVR0R
BCAwHoIOKi55b2xhc2l0ZS5jb22CDHlvbGFzaXRlLmNvbTA+BgNVHSAENzA1MDMG
BmeBDAECATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9D
UFMwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMD8GA1UdHwQ4
MDYwNKAyoDCGLmh0dHA6Ly9jZHAucmFwaWRzc2wuY29tL1JhcGlkU1NMVExTUlNB
Q0FHMS5jcmwwdgYIKwYBBQUHAQEEajBoMCYGCCsGAQUFBzABhhpodHRwOi8vc3Rh
dHVzLnJhcGlkc3NsLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL2NhY2VydHMucmFw
aWRzc2wuY29tL1JhcGlkU1NMVExTUlNBQ0FHMS5jcnQwDAYDVR0TAQH/BAIwADCC
AX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYATGPcmOWcHauI9h6KPd6uj6tEozd7
X5uUw/uhnPzBviYAAAGcdteJVgAABAMARzBFAiEAkqaYDOLS4zejCZOYiE6/XYH9
cCK4LF+AMFeRa1ejEokCIG/KS2FKDSTWjpBFdLCTTfH0zm7gViNzuwQ5bGGek3U/
AHYARMK9DOkUDmSlyUoBkwpaobs1lw4A7hEWiWgqHETXtWYAAAGcdteJkgAABAMA
RzBFAiEAqJV8cZR/KI6SBIsIfyMr1EBsUvKe83CbeJV8R2n2LiACIE+JRZ5qUFlt
a2kYZPex2dHQ9jPLO3VmIWvYvjJ/8mzVAHUAHJ9oLOn68EVpUPgbloqH3dsyENhM
5siy44JSSsTPWZ8AAAGcdteJ4QAABAMARjBEAiAStpu6B1uXVBVChCqtY8jzMa0l
A8RMdEZu8dDobaqlXgIgF2Vou5GRjJKwk2zccKHFB9aESgsNqm5SQ9v3wfQEBWUw
DQYJKoZIhvcNAQELBQADggEBAIybx9Y7weSe0B1HOpVMAK5e0ZjhiK94e/fSmVgZ
r2mLKcS6rQUKfNwz+kaYR9OtsWGndbw+L87URn/bz1YkmBL7YDfXOiPdovYNEldG
9VpDI2vmYr0AD/8+cT9auCKXdbi5lUoZcA+Kec8/uHAg0fbUNThPHrn9Cb+Af7Ff
1WoQ6IZ3WWFMTty2JrSWQP7YCgjrcpVLbkfzMQBm+OPZgZ1O+G1fPLPTa12gkg38
TQjiCYqAewfZcHzbz1H5vzvm5jN1m28IZtWSjfA56MROIVL1aTMmAvjL8meiBUuv
kw3od3aOF0MwF2/srEwRrMY3TPi6Xo+q49Ai8U8c71gr8Do=
-----END CERTIFICATE-----
subject=CN = *.yolasite.com
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3343 bytes and written 398 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: D1B0CEACF4BA2AA7DE0017491E781A8E7260C8303A6FB33CCAB5A3745F2F3C69
    Session-ID-ctx:
    Resumption PSK: EEDC236A1C0BB53356AAA5D0153ABA237C3996A2DBC41AE18BFB97445CA67D998A14E31B2828152AE4A375756D6207FD
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - d4 01 f1 93 c5 ae f5 c3-1f 3b 48 f3 ba c3 48 60   .........;H...H`
    0010 - e8 37 45 3d 35 34 d4 f7-f8 44 62 a5 89 67 62 b0   .7E=54...Db..gb.
    0020 - ca 70 24 32 48 7c 5d 5a-ca 01 56 54 0c e9 cf c8   .p$2H|]Z..VT....
    0030 - fa 03 c0 b2 cc 25 74 8f-f9 63 9a 8f 98 d7 31 53   .....%t..c....1S
    0040 - e9 98 4d 3a db 9f 5e 3c-11 96 ab a9 b3 10 9b 17   ..M:..^<........
    0050 - 0a 6f 33 83 89 02 9a 70-c9 12 1a fc a6 82 99 f2   .o3....p........
    0060 - c2 7e 70 73 0d 4e 3d 23-64 a4 bf 79 28 c0 04 4c   .~ps.N=#d..y(..L
    0070 - 05 01 dc 90 af 81 ce b6-ba a0 37 f4 ab 74 57 bb   ..........7..tW.
    0080 - be 69 5a 66 ec 1c f1 e8-75 c2 0e ad 32 22 44 75   .iZf....u...2"Du
    0090 - ff 0e 09 46 0e 1c c3 75-20 b1 45 d4 5f 7a e4 99   ...F...u .E._z..
    00a0 - c6 ad f5 a6 48 46 94 cf-88 76 f8 d1 85 34 da d4   ....HF...v...4..
    00b0 - 3a ba 88 84 e3 6e fa 0a-2f 5b bc 60 7d 57 35 7f   :....n../[.`}W5.
    00c0 - 68 a7 73 09 c6 91 cf b3-23 62 a4 46 ed d4 31 94   h.s.....#b.F..1.
    00d0 - e3 79 a6 7a 51 78 ec ef-5a ed a4 11 75 a8 5e d0   .y.zQx..Z...u.^.

    Start Time: 1778282031
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 1C4F70521C77C75D89D6ED3616EE84F817A0E0C59D4528EEB0869E1E59814B5B
    Session-ID-ctx:
    Resumption PSK: 5F4AB665CBE6129B80E19FC11850896E0F89467ECF56D7480F75C99C0CE08BB918C5D74046CA4378835BA9A0524D7DED
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - d4 01 f1 93 c5 ae f5 c3-1f 3b 48 f3 ba c3 48 60   .........;H...H`
    0010 - 20 16 68 67 8e 1a d4 8f-67 09 1b 5d c5 5a 86 25    .hg....g..].Z.%
    0020 - 3c 1f 82 37 f7 51 74 70-19 8f 51 22 95 b5 80 cc   <..7.Qtp..Q"....
    0030 - 3e 6f 84 1e 79 ae bc 46-28 c1 09 89 87 97 f9 12   >o..y..F(.......
    0040 - 21 f3 33 3b 51 1b 83 48-43 09 5b cf a7 c8 bd ce   !.3;Q..HC.[.....
    0050 - 8a 98 c2 93 61 10 06 73-b7 a7 a8 89 74 48 aa 4f   ....a..s....tH.O
    0060 - a4 78 4c ce 87 c8 fb 45-1b 11 f2 81 ee 67 00 b0   .xL....E.....g..
    0070 - 47 38 d1 ca 72 82 99 53-d4 77 e4 43 88 91 23 50   G8..r..S.w.C..#P
    0080 - 6d 70 21 a9 d9 46 08 57-59 26 55 ac e6 00 67 92   mp!..F.WY&U...g.
    0090 - d4 02 39 6c bc 87 25 dd-49 83 80 28 38 1e 52 02   ..9l..%.I..(8.R.
    00a0 - 62 a0 e2 3f a1 ac 9c 34-3d 87 44 b6 35 39 2c 25   b..?...4=.D.59,%
    00b0 - ec 7c 13 57 1d ab 5d 6e-f1 ac ff 95 ed f2 a3 7b   .|.W..]n.......{
    00c0 - 64 19 66 4a f0 60 60 24-8e 52 3b 3d ab e0 f8 00   d.fJ.``$.R;=....
    00d0 - 68 a1 c2 70 5f ad e4 b0-3c 96 72 8a 6f f9 e5 6a   h..p_...<.r.o..j

    Start Time: 1778282031
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
3

@nettranscorp Do you know what that sitebuilderhostsite is? To me it looks like a system that helps you build a website. It also looks like it is configured wrong.

I think you should ask their tech support how to fix that. Your problem isn't related to Let's Encrypt certs but in your DNS and website config.

Be sure to ask them about the error below. Note cloudflare as the service that is replying. And, the 409 error with an additional 1001 error code. This points to an incorrect Cloudflare setup.

curl -i www.nettranscorp.org 

HTTP/1.1 409 Conflict
Date: Fri, 08 May 2026 23:12:36 GMT
Server: cloudflare
CF-RAY: 9f8c26731b615e59-IAD

error code: 1001

Also see: Error 409 · Cloudflare Support docs