Firefox "Secure Connection Failed" for some SSL PDF downloads???

[Scott Galambos]

Does anyone know why I get this? The web says its a problem with my server's SSL, yet I'm just running the latest cPanel/WHM and certs issued from the automatic cert authority like everyone else. Yet when I try to download a PDF over SSL (eg. https://temp.domain.ca/whatever.pdf) where temp.domain.ca is an A record (if it matters) and I'll get this "Secure Connection Failed" error sometimes.

What do I have to do to my cPanel server to make this stop. I know I can change some security.ssl.enable_ocsp_stapling settings to false to fix it in firefox. BUT WHY? I have other people using firefox trying to download PDF's over SSL and they will not be doing this. How can this be such a problem?

 

[cPanelLauren]

The subdomain it's redirecting to is temp.yourdomain.ca - does this also have an SSL certificate associated with it?

 

[Scott Galambos]

sorry, its not redirecting. thats the real domain. see my original post for update domains instead of whatever.com.

 

[cPanelLauren]

What's noted in the apache error logs when this occurs? They're at /etc/apache2/logs/error_log

 

[Scott Galambos]

I see, its being denied with "client denied by server configuration"? What would do this? How can it work, then not work 2 seconds later. It would bounce back and forth yet I change nothing. This is from apache error_log.

[Tue May 19 01:46:18.688500 2020] [:error] [pid 24003] [client 104.195.135.11:59254] client denied by server configuration: /home/user/public_html/temp.domain.ca/docs/file.pdf

 

[cPanelLauren]

What is in the .htaccess file for that domain?

 

[Scott Galambos]

What is in the .htaccess file for that domain?

It says this for temp.extremehosting.ca:

IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble

<IfModule mime_module>
  AddHandler application/x-httpd-ea-php72 .php .php7 .phtml .html
</IfModule>

 

[cPRex]

I was able to navigate the file structure in a browser without errors when I tried just now, although the "docs" directory, which would be my guess as to where the PDF files would be located, is giving me an "access denied" in my browser. Is that where the PDF file is located that is causing this error? If so, it seems that this would be a permissions issue or other access restriction on the directory itself.

If you're not able to track that down you can always contact our support team with the link in my signature and we can take look for you.

 

[Scott Galambos]

I was able to navigate the file structure in a browser without errors when I tried just now, although the "docs" directory, which would be my guess as to where the PDF files would be located, is giving me an "access denied" in my browser. Is that where the PDF file is located that is causing this error? If so, it seems that this would be a permissions issue or other access restriction on the directory itself.

If you're not able to track that down you can always contact our support team with the link in my signature and we can take look for you.

Yes "docs" is where problem is. But the "Access Denied" is because an .htaccess in the /docs directory has "Options -Indexes". so you can't browse. thats expected.

So again, it works (but sometimes pauses as the browser tries to load a PDF), but eventually it continues and loads. Then I hard refresh to test again (CTRL-F5) and it will give me the error, both in my error_log:

[Fri May 22 09:47:33.854682 2020] [:error] [pid 17559] [client 104.195.135.11:50983] client denied by server configuration: /home/user/public_html/temp.extremehosting.ca/docs/TheAnalysisOfIllegalContracts.pdf

then also the attached browser error. If I can pay someone to investigate that would be good. I can't see what I'm doing wrong. if I don't hear back I'll submit a ticket..

works about 60% of the time.

 

[cPRex]

Out ticket system support is always free, so no payment necessary :D We just require that you have root access to the server so we can log in.

Is that data from the local error_log or the main Apache log on the system (/etc/apache2/conf/httpd.conf)? Another tool like ModSecurity could be involved with issues like this as well, which would only show up in the main error log on the machine.

 

[Scott Galambos]

The log entry is from my /etc/apache2/logs/error_log only. I can't see anything in my mod_securty logs that relates to this. notice the error above is [:error], usually the module name is there like [access_compat:error] or something I see. I have no idea whats causing this.

 

[cPanelLauren]

If you remove these does it function normally?

IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble

Primarily concerned with the FoldersFirst and SupressHTMLPreamble settings but it may be beneficial to remove them all and go from there.

 

[Scott Galambos]

I suspect it may be a network issue because a cPanel tech could not reproduce the issue.