CURL issue with "www" under Cloudflare

Hi there,

We have a question about the CURL, we can’t hit CURL “www” if under Cloudflare.
Let say “www.abc.com/123.html”, the error should be:
curl: (60) Issuer certificate is invalid.
More details here: curl - SSL CA Certificates

However, we remove the “www”
i.e. “abc.com/123.html”, it works properly.

HTTP/1.1 301 Moved Permanently
Date: Tue, 12 May 2020 09:10:49 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 12 May 2020 10:10:49 GMT

Is possible CURL can hit both “www” and “without www” under Cloudflare? thanks!

abc.com does not appear to be using Cloudflare or Cloudflare nameservers. You may want to recheck the domain and try again.

Hi there, you may try our real domain

with “www” → curl: (60) Issuer certificate is invalid.
curl -I https://www.28carparts.com
curl -I Bosch 0986479382 Brake Disc (Rear) | 28CarParts

without “www”
curl -I https://28carparts.com
curl -I Bosch 0986479382 Brake Disc (Rear) | 28CarParts

For me both works properly.

But to ignore SSL Certification errors you can run:

curl -I -k https://www.28carparts.com
curl -I -k https://www.28carparts.com/en/bosch-0986479382-brake-disc-rear.html

or

curl -I --insecure https://www.28carparts.com
curl -I --insecure https://www.28carparts.com/en/bosch-0986479382-brake-disc-rear.html

Both of these options (--insecure & -k) do the same. Hope this helps
For more options use curl --help or check curl - How To Use

Hi M4rt1n,

Wow. Thank you so much for your checking and useful information!!

Do you know why if we don’t add (–insecure & -k) will return

1. curl: (60) Issuer certificate is invalid ← curl -I https://www.28carparts.com
2. HTTP/1.1 301 Moved Permanently ← curl -I https://28carparts.com/

Do you have any clue?

Regards,
Perry

curl -I https://www.28carparts.com

curl: (60) Issuer certificate is invalid.
More details here: curl - SSL CA Certificates

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

curl -I https://28carparts.com

HTTP/1.1 301 Moved Permanently
Date: Tue, 12 May 2020 16:08:59 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 12 May 2020 17:08:59 GMT
Location: https://www.28carparts.com/
Expect-CT: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi /beacon/expect-ct”
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 592566cea91edd2a-SIN
alt-svc: h3-27=“:443”; ma=86400, h3-25=“:443”; ma=86400, h3-24=“:443”; ma=86400, h3-23=“:443”; ma=86400
cf-request-id: 02ab3e952c0000dd2aed2fe200000001

I can not answer this one as it works for me. Pls give it a try on another machine

This is due to the fact, that you redirect from “non www” to “www”.
To meassure the endpoint pls add the option -L (curl - How To Use) which will follow the redirect and meassure the target it reaches there.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.