Website: Extrem slow response time for no reason for several hours

For several hours my website does not respond, it has time-outs or pages are loading slow at 30 seconds.
This happens for 2-5 hours, then it is gone.
This happens the 3th time this year, and I think it is regulary (3 months)
My apache server is IDLE in the meantime
My webhost says everything on the server is working perfect
My DNS (cloudfare) says their system worsk perfect, host does not respond.
After 2-5 hours it is over, website is FAST again (0,250ms load time)

I have this issue now for the 3th time this year, and I can not find out why. It seems to be happen every few months, the first time on Feb 10, and then somewhen in August, now Dec. 8

I must admit: If I would not watch the website, I might miss it (but I get emails from uptime-robot now). In February the out-time was long, but in August it was just 2 hours so I did not really care cause I had a feeling it will be gone soon. This time it was heavy, 6 hours, and I lost a lot of sales cause it was Sunday evening…

I now think the SSL letsencrypt renewal might have to do with it. Althoug the renewal was on Dec 6 and the error occurs now on Dec 9. But I restarted the server today…

Nobody is able to help me.
Domains:


Whenever I start to ask people they help me maybe 2-3 hours later and then the problem is gone. So nothing to look for… sorry, we can not help, maybe it was a DDos (no it wasnt, there is no load on the Server)

The webserver-support answered a few times while the site was down/slow, but they were only looking on their server, and the server works fast, 1% CPU load (well nothing is going), no problem there they said…
Support told me my SSL port is closed…

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
443/tcp filtered https
3306/tcp open mysql

(it says filtered…)

The issue is even more complex:

  1. While I am always unable to visit the website, I see some customers can still use it (like 30%). But it might be slow for them (maybe 5-10 seconds load time), I have 30 seconds load time. Depends on the region I guess.

  2. I have 2 domains (mirrowed) that serve the same site: When the problem was solved I was on my samsung-pad and could surf FAST on Domain2, while Domain1 was still un-responsive (time-out-loading). That was very confusing, it seemed the the domain itself has a connection problem/ssl problem/routing problem? (as I said, server is very fast).

  3. I switched from my pad to my notebook, here both domains already work fast.
    (I will restart the pad now) No, restart did not solve the problem DOMAIN 1 is still not responding on my pad, while working fast on my notebook.

Domain 1 is on goodaddy, DNS also from goodaddy (dokumente-online.com)
Domain 2 is on a different registrar and DNS is on cloudflare.com, very fast DNS times. (swopdoc.com)

Both of these domains point to the same vServer and scripts, they just serve an english and an german layout.

What could cause this problem?
Is it a SSL -> browser -> new certificate - issue?

I do not know where to start…

I really hate this problem now cause when it appears there is usually no one around to ask, and nobody says this is my responsibility. As it comes regulary, I assume it hs to do with the certificate update (90 days)

1 Like

Do you have OCSP stapling enabled in Apache?

grep -Ri SSLUseStapling /etc/apache2

Do you have OCSP stapling enabled in Apache?

grep -Ri SSLUseStapling /etc/apache2

I do not think so, I never heard that therm, and when I type in your command on ssh there is no response at all…

BTW: I am absolute sure now it is a SSL problem.

I was just able to destroy everything again. I could surf the website (dokumente-online.com), then I opened a page that is loading a iframe (same domain, I need this window to check several pages at one time, it is a admin only page). Well, this page with iframe did not load.
I wend back to the users pages, and nothing worked
I checked certificates and the NEW certificate from Dec 6 was gone, chrome wrote THIS PAGE IS NOT SECURE. I just saw 2 minutes before that I had a valid SSL certificate starting at Dec 6

What the hell is going on?

I re-installed letsencrypt
I re-newed all certificates

Now I can surf my own website again, new certificate DAte is Dec 9.

I am lost…

Well, I was gonna suggest that OCSP might be an issue (due to the timing and the fact it only selectively affects visitors) … but after your most recent post, I don’t think that’s it after all.

It sounds more like an Apache malfunction.

It would be helpful to get more details from this screen.

There will generally be an error code (like NET::ERR_CERT_COMMON_NAME_INVALID), and if you click on that piece of text, Chrome reveals more information on the error like so:

What’s revealed there would give a lot of insight as to what’s happening.

Wow this is so weird!

  1. Site works fine
  2. When I visit a specific page on my site (admin only area), it does not load.
  3. Afterwards NOTHING is loading, I do not know how far the communication goes, but it does even say the pages are safe. Just endlese loading without any response
  4. I delete all BROWSER Cache, it works again

I was able to reproduce it with Chrome and Firefox… same behaviour.
I now remember, that this (admin area) was the last thing I visited 5pm this afteroon, then nothing ever worked again.

Now I tried to track down the error on this page, I deleted parts, bit by bit…and the error is gone, I put the parts in again, the error is gone. I have absolut zero explanation.

I am unable to produce any error now.

See what I mean when I say I can not track down this problem… This beast of a website is working smooth now without any issue.

Even on my Samsung-Pad (where Domain was not working after everything receovered), now it works smooth. And I did nothing to it…

I know it is a SSL problem. What I do on my ADMIN page is, I load previews of my pages from Domain1 or Domain2 into an iframe (it is like my editor, just to check if the page looks fine)
I believe that the SSL for Domain2 caused trouble while beeing loaded in the iframe within Domain1, and it just destroyed all certificates for the browser or whatever.
This happens because Domain1 got a NEW certificate update on Friday night, while Domain2 (inside the frame) had its stable certificate back from September…

Sorry, I am just learning whats going on.

I think I was only able to solve this, when I finally ERASED the iframe in the code, loaded the Domain1-page (with no frame, so it was empty), then put the iframe (Domain2) BACK into the same script and loaded it again. Then the browser was happy and worked fine again.

But this load-issue did not happen to my computer alone. I know that visits numbers went down from 100% to 40% while this problem occured, and I did not have any sales for 3 hours on sunday evening (usually that is a heavy time, lots of sales).
And I know that standard users have no access to the iFrame page… I do not use them on public pages.

Hi @bodomalo

your site has fundamental errors - https://check-your-website.server-daten.de/?q=dokumente-online.com

Domainname Http-Status redirect Sec. G
• http://dokumente-online.com/ 92.51.148.131 301 https://dokumente-online.com/ Html is minified: 100,00 % 0.064 A
• http://dokumente-online.com/ 2a01:488:66:1000:5c33:9483:0:1 301 https://dokumente-online.com/ Html is minified: 100,00 % 0.047 A
• http://www.dokumente-online.com/ 92.51.148.131 301 https://dokumente-online.com/https://www.dokumente-online.com/ Html is minified: 100,00 % 0.063 E
• http://www.dokumente-online.com/ 2a01:488:66:1000:5c33:9483:0:1 301 https://dokumente-online.com/https://www.dokumente-online.com/ Html is minified: 100,00 % 0.047 E
• https://www.dokumente-online.com/ 92.51.148.131 301 https://dokumente-online.com/ Html is minified: 100,00 % 3.360 N
Certificate error: RemoteCertificateNameMismatch
• https://www.dokumente-online.com/ 2a01:488:66:1000:5c33:9483:0:1 301 https://dokumente-online.com/ Html is minified: 100,00 % 3.610 N
Certificate error: RemoteCertificateNameMismatch

Later, it’s completely curious:

• http://www.dokumente-online.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:488:66:1000:5c33:9483:0:1
	301
	https://dokumente-online.com/https://www.dokumente-online.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/acme-challenge/check-your-website-dot-server-daten-dot-de

And the certificate is wrong.

CN=dokumente-online.com
	09.12.2019
	08.03.2020
expires in 90 days	dokumente-online.com, swopdoc.com - 2 entries

One certificate with the non-www and the www version is required, if you have both dns entries.

Didn’t checked the other domain, may have the same problems.

1 Like

Hello Juergen

I must admit I have absolut no idea what is wrong.
This always worked, everything.

I never use www., it always has been forwarded immediately to a non-www. domain.

Where can I get help?

The page worked now until 9:30am
Not it is acting weird again, with dozens of forwards…
I get different eorror messages “too many forwards”, “no secure page”, “time-out”…

1 Like

Site was very slow loading for 1 hour 10:30-11: clock 1030:
Now it is suddenly back and extrem fast as usually.

I really don’t get it… I am not even able to track down an error until the error is gone…

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.