I really wish you would have given Pausing Cloudflare a try.
As I said, you’re using Google Sites. Which means you have a CNAME that points to ghs.googlehosted.com
which resolves like this:
% host ghs.googlehosted.com
ghs.googlehosted.com has address 142.250.72.179
So, let’s bypass Cloudflare, and connect directly to your server, completely removing Cloudflare from the situation.
% curl -svo /dev/null https://www.humus.io --connect-to ::142.250.72.179
* Connecting to hostname: 142.250.72.179
* Trying 142.250.72.179:443...
* Connected to 142.250.72.179 (142.250.72.179) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [317 bytes data]
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [15 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [4021 bytes data]
* SSL certificate problem: certificate has expired
* Closing connection
Well, shoot, we can’t connect because the certificate has expired. Let’s take a closer look by ignoring an invalid cert (this goes for a bit, so you’ll have to scroll within the response textbox):
% curl -skvo /dev/null https://www.humus.io --connect-to ::142.250.72.179
* Connecting to hostname: 142.250.72.179
* Trying 142.250.72.179:443...
* Connected to 142.250.72.179 (142.250.72.179) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [317 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [15 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [4021 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=www.humus.io <~~~~~~~~There's your hostname, so we're in the right place
* start date: Jun 7 22:26:35 2024 GMT
* expire date: Sep 5 23:16:26 2024 GMT <~~~~~ And there it is…expired very recently
* issuer: C=US; O=Google Trust Services; CN=WR3
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.