Website zeezicht-oostende.be not find by SSL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: zeezicht-oostende.be

I ran this command: SSL

It produced this output: zeezicht-oostend.be not found

My web server is (include version): VIMEXX

The operating system my web server runs on is (include version):yes

My hosting provider, if applicable, is: VIMEXX

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

That, um, isn't a command. If you aren't able to turn on SSL (TLS, really) using your web site's control panel (which is my best guess based on the very little information you've provided), I'd suggest you get in touch with the support resources for your web host to troubleshoot.

5 Likes

Hello @roger2,

From this Permanent link to this check report I believe that you have Geo Blocking going on.

Let's Encrypt uses Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt

Please see:

Edit

However Let's Debug yields results of "OK" here https://letsdebug.net/zeezicht-oostende.be/2449062

And it seem server: Apache

$ curl -Ii http://zeezicht-oostende.be/.well-known/acme-challenge/IsCBy648arUtLmSddFx9M4Z2OD7BGAd84gUK03Jo_wx -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
HTTP/1.1 404 Not Found
date: Fri, 16 May 2025 21:17:15 GMT
content-type: text/html; charset=iso-8859-1
alt-svc: h3=":443";ma=180;
server: Apache

And here the certificate has subject: CN=*.zxcs.be that causes this error curl: (60) SSL: no alternative certificate subject name matches target host name 'zeezicht-oostende.be'

$ curl -k -vv -Ii https://zeezicht-oostende.be
* Host zeezicht-oostende.be:443 was resolved.
* IPv6: 2a06:2ec0:1:e::164
* IPv4: 185.220.172.65
*   Trying 185.220.172.65:443...
* Connected to zeezicht-oostende.be (185.220.172.65) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.zxcs.be
*  start date: Jul  8 00:00:00 2024 GMT
*  expire date: Jul 22 23:59:59 2025 GMT
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha384WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://zeezicht-oostende.be/
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: zeezicht-oostende.be]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> HEAD / HTTP/2
> Host: zeezicht-oostende.be
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 403
HTTP/2 403
< date: Fri, 16 May 2025 21:23:33 GMT
date: Fri, 16 May 2025 21:23:33 GMT
< content-type: text/html; charset=iso-8859-1
content-type: text/html; charset=iso-8859-1
< alt-svc: h3=":443";ma=180;
alt-svc: h3=":443";ma=180;
< server: Apache
server: Apache

<
* Connection #0 to host zeezicht-oostende.be left intact

Have you restarted Apache after retrieving and installing the issued certificate?
Please show the output of this command. sudo apachectl -t -D DUMP_VHOSTS

1 Like

I don't know about that. The only location from that report that works is Finland. But, the IP address used from the Finland test location is different than all the others.

Using https://unboundtest.com the IP ending in ".65" is the current one. So, for some reason that Finland test center has a different IP. Hard to know which IP it is supposed to be but the .65 is probably the right one. It is worth checking though.

Interestingly, the .65 IP is what I see from my US test server. And, I can reach that IP (and their domain) just fine. The Apache server there doesn't look like it is setup properly but that is a different story :slight_smile:

3 Likes

Fair enough @MikeMcQ! :slight_smile:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.