WP plugin is saying my ssl is NOT valid

Zseam1 · March 19, 2022, 1:32pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mybaseballdash.com

I ran this command: I am trying to activate ssl for my site. On my cpanel in hostgator its telling me its active but traffic is not being directed to https. I proceeded to try both the Really Simple SSL and WP SSL plugins.

It produced this output: These plugins are telling me my ssl is NOT valid.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: hostgator

I can login to a root shell on my machine (yes or no, or I don't know): i dont know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

MikeMcQ · March 19, 2022, 2:37pm

Welcome to the community @Zseam1

I think your question is better sent to hostgator support. Have you followed their instructions here?

rg305 · March 19, 2022, 5:16pm

HTTP is actually being redirected to HTTPS.
And a cert should be available to cover that name (and the "www"):

It seems the cPanel doesn't recognize the names (via HTTPS):

curl -Lv https://mybaseballdash.com/
*   Trying 107.154.172.234...
* TCP_NODELAY set
* Connected to mybaseballdash.com (107.154.172.234) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, Server hello (2):
* error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name

curl -Lv https://www.mybaseballdash.com/
*   Trying 107.154.158.234...
* TCP_NODELAY set
* Connected to www.mybaseballdash.com (107.154.158.234) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, Server hello (2):
* error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name

9peppe · March 19, 2022, 5:18pm

Yes, but not via an HTTP header, I suspect something untoward with some "security suite" is going on.

Zseam1 · March 19, 2022, 10:06pm

What are the next steps i should take if you dont mind me asking?

9peppe · March 19, 2022, 10:10pm

Investigate how your webserver is working.

It's something pretty convoluted that I haven't seen before. If you are on a shared hosting, you can only do whatever they offer as an option.

You should also talk to their support. We can help, but I'm not sure we understand that system.

rg305 · March 20, 2022, 12:12am

Agreed; Talk with your HSP (or whomever manages the cPanel).

griffin · March 20, 2022, 1:49am

That must be happening at the application level because I don't see it at the protocol level.

http://mybaseballdash.com
200 OK

http://www.mybaseballdash.com
200 OK

9peppe · March 20, 2022, 9:17am

Yes, the http page is some auto-generated-looking agglomeration of <script> tags without any actual content.

Osiris · March 20, 2022, 9:56am

Looking at the headers and script src URL the WordPress instance seems to be running a plugin called Incapsula and/or the site is using the "Incapsula service", whatever that may be

Ah yes, definitely using the "Incapsula" service, looking at the IP address 107.154.172.234:

NetRange:       107.154.0.0 - 107.154.255.255
CIDR:           107.154.0.0/16
NetName:        INCAPSULA-NETWORK
NetHandle:      NET-107-154-0-0-1
Parent:         NET107 (NET-107-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS19551
Organization:   Incapsula Inc (INCAP-5)
RegDate:        2013-12-02
Updated:        2021-12-14
Ref:            https://rdap.arin.net/registry/ip/107.154.0.0

And Incapsula is only sending the end leaf certificate without any certificate chain...

system · April 19, 2022, 9:56am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.