Firefox "Secure Connection Failed" for some SSL PDF downloads???

Scott Galambos

Well-Known Member
Jul 13, 2016
69
2
8
Canada
cPanel Access Level
Root Administrator
Does anyone know why I get this? The web says its a problem with my server's SSL, yet I'm just running the latest cPanel/WHM and certs issued from the automatic cert authority like everyone else. Yet when I try to download a PDF over SSL (eg. https://temp.domain.ca/whatever.pdf) where temp.domain.ca is an A record (if it matters) and I'll get this "Secure Connection Failed" error sometimes.

What do I have to do to my cPanel server to make this stop. I know I can change some security.ssl.enable_ocsp_stapling settings to false to fix it in firefox. BUT WHY? I have other people using firefox trying to download PDF's over SSL and they will not be doing this. How can this be such a problem?
 

Attachments

Last edited by a moderator:

Scott Galambos

Well-Known Member
Jul 13, 2016
69
2
8
Canada
cPanel Access Level
Root Administrator
I see, its being denied with "client denied by server configuration"? What would do this? How can it work, then not work 2 seconds later. It would bounce back and forth yet I change nothing. This is from apache error_log.

Code:
[Tue May 19 01:46:18.688500 2020] [:error] [pid 24003] [client 104.195.135.11:59254] client denied by server configuration: /home/user/public_html/temp.domain.ca/docs/file.pdf
 
Last edited by a moderator:

cPRex

Well-Known Member
Staff member
Oct 19, 2014
196
27
103
cPanel Access Level
Root Administrator
I was able to navigate the file structure in a browser without errors when I tried just now, although the "docs" directory, which would be my guess as to where the PDF files would be located, is giving me an "access denied" in my browser. Is that where the PDF file is located that is causing this error? If so, it seems that this would be a permissions issue or other access restriction on the directory itself.

If you're not able to track that down you can always contact our support team with the link in my signature and we can take look for you.
 

Scott Galambos

Well-Known Member
Jul 13, 2016
69
2
8
Canada
cPanel Access Level
Root Administrator
I was able to navigate the file structure in a browser without errors when I tried just now, although the "docs" directory, which would be my guess as to where the PDF files would be located, is giving me an "access denied" in my browser. Is that where the PDF file is located that is causing this error? If so, it seems that this would be a permissions issue or other access restriction on the directory itself.

If you're not able to track that down you can always contact our support team with the link in my signature and we can take look for you.
Yes "docs" is where problem is. But the "Access Denied" is because an .htaccess in the /docs directory has "Options -Indexes". so you can't browse. thats expected.

So again, it works (but sometimes pauses as the browser tries to load a PDF), but eventually it continues and loads. Then I hard refresh to test again (CTRL-F5) and it will give me the error, both in my error_log:

Code:
[Fri May 22 09:47:33.854682 2020] [:error] [pid 17559] [client 104.195.135.11:50983] client denied by server configuration: /home/user/public_html/temp.extremehosting.ca/docs/TheAnalysisOfIllegalContracts.pdf
then also the attached browser error. If I can pay someone to investigate that would be good. I can't see what I'm doing wrong. if I don't hear back I'll submit a ticket..

works about 60% of the time.
 

Attachments

cPRex

Well-Known Member
Staff member
Oct 19, 2014
196
27
103
cPanel Access Level
Root Administrator
Out ticket system support is always free, so no payment necessary :D We just require that you have root access to the server so we can log in.

Is that data from the local error_log or the main Apache log on the system (/etc/apache2/conf/httpd.conf)? Another tool like ModSecurity could be involved with issues like this as well, which would only show up in the main error log on the machine.
 

Scott Galambos

Well-Known Member
Jul 13, 2016
69
2
8
Canada
cPanel Access Level
Root Administrator
The log entry is from my /etc/apache2/logs/error_log only. I can't see anything in my mod_securty logs that relates to this. notice the error above is [:error], usually the module name is there like [access_compat:error] or something I see. I have no idea whats causing this.