mohammadreza

Active Member
Jan 7, 2018
40
0
6
Teh
cPanel Access Level
Root Administrator
Hello
SSL is not work on one of my domain
I tried different methods but the problem didn't work out
I get Time out error
Http is ok.
for exp :
recreate account, reissue certificate ,...
When I move to another server, everything is OK

How Is possible Remove all of Cache in Server for this one?

Thank you

Best regards
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,293
1,279
313
Houston
Hello,

When you attempt to access a domain that has a valid SSL you receive the timeout? What is the output of the following:

Code:
curl -vvI https://domain.tld
Ensure you remove any actual domain names and IP addresses from the output
 

mohammadreza

Active Member
Jan 7, 2018
40
0
6
Teh
cPanel Access Level
Root Administrator
Hello,

When you attempt to access a domain that has a valid SSL you receive the timeout? What is the output of the following:

Code:
curl -vvI https://domain.tld
Ensure you remove any actual domain names and IP addresses from the output
Hello
Thanks for your reply

Output is :

Code:
curl -vvI https://nik....
* About to connect() to nika... port 443 (#0)
*   Trying 5.......
* Connected to ni.....com (5....) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=nik....
*       start date: Mar 30 00:00:00 2020 GMT
*       expire date: Jun 27 23:59:59 2020 GMT
*       common name: nik....
*       issuer: CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: ni...
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Connection: Keep-Alive
Connection: Keep-Alive
< X-Powered-By: PHP/7.2.28
X-Powered-By: PHP/7.2.28
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Date: Tue, 31 Mar 2020 21:37:57 GMT
Date: Tue, 31 Mar 2020 21:37:57 GMT
< Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

<
* Connection #0 to host ni.... left intact
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,293
1,279
313
Houston
Hello,


There was no timeout here and the domain was retrieved successfully with a valid SSL. You can see this by the following:

SSL info:

Code:
* Server certificate:
*       subject: CN=nik....
*       start date: Mar 30 00:00:00 2020 GMT
*       expire date: Jun 27 23:59:59 2020 GMT
*       common name: nik....
*       issuer: CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Apache Response:
Code:
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
Is the IP that's returned the same as the IP of the server where it's not working? Are you using any firewall software? Did you run this curl request from the server or outside the server? IF run from the server please run it from another location that is remote to the server.
 

mohammadreza

Active Member
Jan 7, 2018
40
0
6
Teh
cPanel Access Level
Root Administrator
The previous result is from the same server that is hosted.
Yes I use a firewall and imunify360
The following result is from another server:
Code:
curl -vvI https://nika...
* About to connect() to nik.... port 443 (#0)
*   Trying 5.....
* Connected to ni.... (5.9...) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer
SSL is not work
just work http:
Code:
curl -vvI http://ni...
* About to connect() to ni... port 80 (#0)
*   Trying 5.9....
* Connected to nik... (5....) port 80 (#0)
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: nik...
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Connection: Keep-Alive
Connection: Keep-Alive
< X-Powered-By: PHP/7.2.28
X-Powered-By: PHP/7.2.28
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Date: Wed, 01 Apr 2020 19:32:49 GMT
Date: Wed, 01 Apr 2020 19:32:49 GMT

<
* Connection #0 to host nika... left intact
@cPanelLauren
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,293
1,279
313
Houston
I'd strongly urge you to contact your hosting provider to ensure that there isn't something network related occurring. I'm able to perform a curl request to the server over 443 without issue using the IP address (I can see the pre-edited posts)
 

mohammadreza

Active Member
Jan 7, 2018
40
0
6
Teh
cPanel Access Level
Root Administrator
I'd strongly urge you to contact your hosting provider to ensure that there isn't something network related occurring. I'm able to perform a curl request to the server over 443 without issue using the IP address (I can see the pre-edited posts)
Hi @cPanelLauren
Thank for your reply
This problem only applies to 3 domains
No problem for other domains on the same network (https|443)
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,293
1,279
313
Houston
That's different then. The https request for those domains should be no different than the one being performed for the working domains on the same server. There has to be a configuration difference occurring for those domains. Because I can't look at the server and we don't promote the use of real domain names on the forums I'd advise you to open a ticket to have this investigated further.
 

mohammadreza

Active Member
Jan 7, 2018
40
0
6
Teh
cPanel Access Level
Root Administrator
That's different then. The https request for those domains should be no different than the one being performed for the working domains on the same server. There has to be a configuration difference occurring for those domains. Because I can't look at the server and we don't promote the use of real domain names on the forums I'd advise you to open a ticket to have this investigated further.
@cPanelLauren Hi
Thanks for your reply
I will open an Ticket soon,
Can you please Tell me what's Configuration should i check?

Thank you very much
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,293
1,279
313
Houston
I think my first stop would be ensuring that you're not cached, if you haven't checked that already, the .htaccessfiles associated with those domains as well as any apache includes.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,293
1,279
313
Houston
I will also note that I was able to view the site (based on an IP lookup of the IP prior to your removing it) over https without issue. See the curl request below as well:

Code:
# curl -vvI https://nikaxxxxxx.com
* About to connect() to nikaxxxxxx.com port 443 (#0)
*   Trying 5.9.xx.xx...
* Connected to nikaxxxxxx.com (5.9.xx.xx) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*     subject: CN=www.server.nikaxxxxxx.com
*     start date: Mar 26 20:01:10 2020 GMT
*     expire date: Jun 24 20:01:10 2020 GMT
*     common name: www.server.nikaxxxxxx.com
*     issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: nikaxxxxxx.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Connection: Keep-Alive
Connection: Keep-Alive
<removed the rest here>
 

mohammadreza

Active Member
Jan 7, 2018
40
0
6
Teh
cPanel Access Level
Root Administrator
I think my first stop would be ensuring that you're not cached, if you haven't checked that already, the .htaccessfiles associated with those domains as well as any apache includes.
I'm use LiteSpeed Plugin,That may be the problem?

The problem is very strange
Port 443 does not work for these 3 domains only for some locations
Like Turkey, Dubai, Iran
But for the United States, Germany, etc., port 443 is available without any problems
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,293
1,279
313
Houston
This sounds a lot like a firewall issue, I don't know of anything that would cache the site for specific countries and not for others, furthermore, I'm unaware of anything but a firewall that would employ restrictions based on the country