Weird certificate problem

You probably forgot to include the www in the vhost config.
You should find lines like:
ServerName foro.losumo.com
ServerAlias www.foro.losumo.com

Here is my virtual host

<Directory /var/www/html/losumo.com/public_html>
    Require all granted
</Directory>
<VirtualHost *:80>
    ServerName foro.losumo.com
    ServerAlias www.foro.losumo.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/foro.losumo.com/public_html

    ErrorLog /var/log/apache2/foro.losumo.com.error.log
    CustomLog /var/log/apache2/foro.losumo.com.access.log combined

    # Redirect plain-HTTP requests for either name to HTTPS
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.foro.losumo.com [OR]
    RewriteCond %{SERVER_NAME} =foro.losumo.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Or, since now I see that you are using CloudFlare, you may need to include the WWW in their configuration.

curl -Iki https://foro.losumo.com
HTTP/2 200
date: Sun, 17 Mar 2019 20:40:10 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d039532466cdcf62530df81c129ddf7b81552855208; expires=Mon, 16-Mar-20 20:40:08 GMT; path=/; domain=.losumo.com; HttpOnly
set-cookie: phpbb3_bkj55_u=1; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/; domain=foro.losumo.com; secure; HttpOnly
set-cookie: phpbb3_bkj55_k=; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/; domain=foro.losumo.com; secure; HttpOnly
set-cookie: phpbb3_bkj55_sid=dd39125225706a00e81f29ab92d2bb36; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/; domain=foro.losumo.com; secure; HttpOnly
cache-control: private, no-cache="set-cookie"
expires: Sun, 17 Mar 2019 20:40:10 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4b91c7bf6b4ab955-MIA

curl -Iki https://www.foro.losumo.com
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Name: foro.losumo.com
Addresses: 2606:4700:30::681c:aba
2606:4700:30::681c:bba
104.28.10.186
104.28.11.186

Name: www.foro.losumo.com
Addresses: 2606:4700:30::681c:bba
2606:4700:30::681c:aba
104.28.10.186
104.28.11.186

losumo.com is using cloudflare, but not foro.losumo.com

Maybe I should add it too?

Hi @fernandoch

the site uses Cloudflare:

Host                 T     IP-Address              is auth.  ∑ Queries  ∑ Timeout
foro.losumo.com      A     104.28.10.186           yes       1          0
                     A     104.28.11.186           yes       1          0
                     AAAA  2606:4700:30::681c:aba  yes
                     AAAA  2606:4700:30::681c:bba  yes
www.foro.losumo.com  A     104.28.10.186           yes       1          0
                     A     104.28.11.186           yes       1          0
                     AAAA  2606:4700:30::681c:aba  yes
                     AAAA  2606:4700:30::681c:bba  yes

But the Cloudflare certificate is a wildcard without the www-version:

CN=sni.cloudflaressl.com, O="CloudFlare, Inc.", L=San Francisco, S=CA, C=US
13.03.2019 - 13.03.2020, expires in 362 days
sni.cloudflaressl.com, losumo.com, *.losumo.com - 3 entries

www doesn't work:

SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.
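
Why the wildcard in the certificate quoted above covers foro.losumo.com but not www.foro.losumo.com, as an added example (not code from the thread or from the checking tool): a small matcher following the usual RFC 6125 rule that `*` stands for exactly one left-most label. The function names are made up for this illustration; the SAN list is the one shown in the post.

```python
# Added example: RFC 6125-style matching of hostnames against certificate SANs.
# SAN list copied from the certificate quoted in the thread.
SANS = ["sni.cloudflaressl.com", "losumo.com", "*.losumo.com"]


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, san):
    """True if one SAN entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.losumo.com never spans two levels.
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False  # a wildcard cannot absorb extra labels
    if pattern[0] == "*":
        # require at least two fixed labels after the wildcard
        return len(pattern) >= 3 and host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def covered_by(hostname, sans):
    """Return the SAN entries that cover hostname (empty list = not covered)."""
    return [s for s in sans if san_matches(hostname, s)]


def uncovered(hostnames, sans):
    """Hostnames this certificate does not cover."""
    return [h for h in hostnames if not covered_by(h, sans)]


if __name__ == "__main__":
    for name in ["losumo.com", "foro.losumo.com", "www.foro.losumo.com"]:
        print(name, "->", covered_by(name, SANS) or "NOT COVERED")
```

A certificate that serves both names needs either both listed explicitly or an additional `*.foro.losumo.com` entry.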

No, sorry, both are like that

Hi @JuergenAuer

And do you know how to fix it?

These may be your internal ip addresses.

But your public ip addresses are 104.28.10.186 etc.

If you want to use Cloudflare, you must have a complete certificate before you activate Cloudflare.

So first deactivate Cloudflare, so the 37.... is your public ip address. Then create a correct certificate, then activate Cloudflare.

Or use the Cloudflare - integrated solution.

A few hours ago I updated the page

and added a link to the Cloudflare blog @schoen had shared.

I had the complete certificate before activating cloudflare.

Maybe. But we can't check it. We see only Cloudflare.


Oh, wait. I can check it. But I need your complete ip.

Or check it directly using my tool - https://check-your-website.server-daten.de/

Yesterday I added a new field - Hostname.

So it's possible to add the ip address in the main field and the hostname in the extra field.

Then you can check it without having a dns A- or AAAA entry.

So you need two checks: both with the same IP address, once with the non-www and once with the www domain name in the hostname field.


Just removed the certificate and created it again but now with cloudflare…

A bit lost in here, what to do? Should I remove cloudflare and stay without it?

Recheck the domain to see if it works - https://check-your-website.server-daten.de/?q=foro.losumo.com

You need to either disable Cloudflare’s proxy on https://www.foro.losumo.com/ or buy a Dedicated Certificate with Custom Hostname that matches that hostname from Cloudflare.

I will disable cloudflare from all the domain I guess…

With that https://check-your-website.server-daten.de/?q=foro.losumo.com what do we get?

The last check is one hour old (that post: Weird certificate problem - #7 by JuergenAuer).

If you have changed your configuration, then you can recheck your domain.

But if I recheck, then what?

Is there a proper way to have a certificate with cloudflare? Or better to remove cloudflare?

The tool is only an online tool to see the configuration, without too many manual checks.

There are a lot of websites using Cloudflare. But I don't know the details, I don't use Cloudflare. You can use it with your own working certificate. But then you first need a working configuration, then activate Cloudflare.

The thing is now I need to copy all the A records and everything manually back to namecheap…

Cloudflare copies them automatically the other way around…