Website only accessible from home network

551 · April 24, 2017, 9:50pm

Hi,

Yesterday I installed (from home network with cerbot) successfully a letencrypt cert (with a common guide) on my vserver for a sub domain (felt proud).
Today I wanted to access it from my office or mobile network and just get:

Browser:
Secure Connection Failed

Curl:
…

Server aborted the SSL handshake
Closing connection 0
curl: (35) Server aborted the SSL handshake

When I’m back in my home network it works perfectly. Also e.g. from my mobile phone (wifi).

How can that be??

Thanks for you help.

schoen · April 24, 2017, 9:55pm

Hi @551,

Maybe your office has a firewall that restricts what sites you can visit?

551 · April 24, 2017, 9:56pm

I don’t think this is the problem. I have the same problem when I switch off wifi on my phone.

schoen · April 24, 2017, 10:01pm

I thought you were saying above that it works on your phone, but maybe I understood the opposite of what you meant to say.

Would you like to tell us the domain name?

551 · April 24, 2017, 10:21pm

Please don’t mind that I don’t want to make my domain public without being sure it’s save yet.
Mentioning the phone was just to make clear that it’s not browser or device related. Just being in a different network than the network from were I did the cert installation (via ssh) makes the handshake fail.

It’s strange that when I right now run https://www.ssllabs.com/ssltest/analyze.html I get A+
Just few Handshake Simulations are failing; DNS CAA: no; DST Root CA X3: Self-signed; SSL2 and SSL3: no (some conspicious results)

ahaw021 · April 25, 2017, 12:13am

hi @551

This is the point where you have to make a decision

A) Keep all information to yourself and troubleshoot yourself
B) Share the information required (domain name) and let people assist

It’s unfair to ask people for help without providing the information needed to assist you.

There are several reasons why you may be getting the error and you have not provided a good enough explanation for people to assist.

Andrei

551 · April 27, 2017, 7:40pm

Hi I found the problem.

My config was like:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ...
}

Then I tried it with my concrete IP and it worked:

    server {
        listen 123.123.123.123:443 ssl;
        #listen [::]:443 ssl;
        ...
    }

But I don’t know why this made the differnce now.

system · May 27, 2017, 7:54pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.