Random 520/525 Errors With Cloudflare Origin Cert

Hi,

I have been getting random 520 and 525 errors on my site tips4gamers.com. I just noticed this a couple of days ago.

I contacted my host, SiteGround, and they have zero issues on their servers but have had many customers contacting them about the same issue.

  • I am using Cloudflare Origin Cert
  • I have Full (strict) enabled
  • I disabled the Always Online feature
  • Those errors go away if I delete the Cloudflare Origin CA and install SiteGround’s Let’s Encrypt.
  • SiteGround has confirmed they have Cloudflare IPs allowlisted
  • It’s completely random and does not happen all the time.
  • I have been using the Cloudflare Origin CA for a couple of years now with no issues like this.

I will click around in the WP Dashboard or the front end of my site and I will be slapped with a 520 (mainly) and sometimes a 525 error.

Since it seems to be common from what I am hearing, are there any issues with Cloudflare at the moment?

Below are the screenshots I took of the errors:


I’m very skeptical here.

You can try something like for i in {1..100}; do echo -n "Test $i: "; date; curl -sv https://example.com -o /dev/null --connect-to ::actual-server-ip --cacert FILENAME; done > curltest.txt 2>&1 to bypass Cloudflare and see if the problem still occurs.

Download the CA cert from here: Origin CA certificates · Cloudflare SSL/TLS docs
Then replace FILENAME with the path/name of the CA cert, example.com with your domain and actual-server-ip with the server's IP address.

Replace the 100 with whatever, depending on how often the error occurs. If it still happens when bypassing Cloudflare, the problem is definitely not with Cloudflare.

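The bypass test described in the reply above, written out as an added example (this is not code from the thread, and it is not Cloudflare's or SiteGround's tooling). It keeps the same idea, curl with --connect-to so that SNI and the Host header stay set to the real hostname while the TCP connection goes to the origin IP, and --cacert pointing at the Cloudflare Origin CA root so the Origin Certificate actually verifies. On top of the plain loop it records the curl exit code and HTTP status of every attempt and tallies them, so an intermittent failure shows up as a count rather than as something you have to spot by eye in a verbose log. The DOMAIN, ORIGIN, CA_FILE, COUNT and OUT arguments are placeholders you supply; the mapping from curl exit codes to the Cloudflare 5xx codes in the comments is my reading of Cloudflare's documented meanings for those errors (525 is a failed TLS handshake with the origin, 520 an empty or invalid origin response, 521 a refused connection, 522 a connection timeout, 526 an untrusted origin certificate), not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread above. Probes the origin server
# directly (bypassing Cloudflare) and tallies what each attempt returned.
#
# Hypothetical inputs, replace with your own:
#   DOMAIN   hostname the Origin Certificate was issued for
#   ORIGIN   the server's real IP address
#   CA_FILE  the Cloudflare Origin CA root PEM (RSA or ECC root, matching
#            the key type of your Origin Certificate), from the docs page
#            linked above; NOT the certificate installed on the server

# One probe. --connect-to keeps SNI and Host set to DOMAIN while the TCP
# connection goes to ORIGIN, which is what Cloudflare itself does.
# Prints: "<utc timestamp> <curl exit code> <http status>" (status 000 when
# no HTTP response was received at all).
probe_origin() {
    domain=$1; origin=$2; ca_file=$3
    exit_code=0
    http_code=$(curl -s -o /dev/null -w '%{http_code}' \
        --max-time 15 \
        --connect-to "::${origin}" \
        --cacert "$ca_file" \
        "https://${domain}/") || exit_code=$?
    printf '%s %s %s\n' "$(date -u +%FT%TZ)" "$exit_code" "$http_code"
}

# Map one result to a failure class. Curl exit codes used: 7 could not
# connect, 28 timed out, 35 TLS handshake failed, 52 empty reply,
# 56 receive failure, 60 certificate could not be verified. The number in
# each comment is the Cloudflare error a visitor would see for the same
# condition between the Cloudflare edge and the origin (assumed mapping).
classify() {
    exit_code=$1; http_code=$2
    case "$exit_code" in
        0)
            case "$http_code" in
                2*|3*) echo ok ;;                 # a 301/302 from the origin is fine
                5*)    echo origin-5xx ;;         # origin answered, but with an error
                *)     echo "http-${http_code}" ;;
            esac ;;
        7)     echo connect-failed ;;             # 521
        28)    echo timeout ;;                    # 522 / 524
        35)    echo tls-handshake-failed ;;       # 525
        52|56) echo empty-or-broken-reply ;;      # 520
        60)    echo cert-not-trusted ;;           # 526, or the wrong root in CA_FILE
        *)     echo "curl-exit-${exit_code}" ;;
    esac
}

# Count the classes in a results file written by run_probes, most common first.
summarize() {
    while read -r ts ec hc; do
        classify "$ec" "$hc"
    done < "$1" | sort | uniq -c | sort -rn
}

# Run COUNT probes one second apart, writing raw results to OUT.
run_probes() {
    domain=$1; origin=$2; ca_file=$3; count=$4; out=$5
    : > "$out"
    i=1
    while [ "$i" -le "$count" ]; do
        probe_origin "$domain" "$origin" "$ca_file" >> "$out"
        sleep 1
        i=$((i + 1))
    done
}

# Usage: sh probe-origin.sh DOMAIN ORIGIN CA_FILE COUNT OUT
if [ "$#" -eq 5 ]; then
    run_probes "$1" "$2" "$3" "$4" "$5"
    summarize "$5"
fi
```

Two things to check before trusting the numbers: the Origin CA root comes in an RSA and an ECC variant, and --cacert must be given the one matching your Origin Certificate's key type or every attempt will be cert-not-trusted regardless of the server's health; and a 3xx here is not a failure, since an origin that redirects to www or to a canonical URL will answer the bare request that way (the 301 seen later in this thread is exactly that). If the tls-handshake-failed or empty-or-broken-reply counts are non-zero when hitting the origin directly, the intermittent 525/520 is on the origin side; if every attempt is ok over a few hundred runs, the problem is between Cloudflare and the origin rather than on the server itself.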

I appreciate the feedback. There seems to be something wrong with that command since I am getting a ParserError in Line 1 - Missing opening '(' after keyword 'for'. and Variable reference is not valid. ':' was not followed by a valid variable name character. Consider using ${} to delimit the name.

I think that is a Windows error. The command as posted is a Linux command.

curl is available for Windows though, so if you install it, you could probably try spamming the curl command a few times; the loop syntax will obviously not work.

curl -sv https://example.com --connect-to ::actual-server-ip --cacert FILENAME

Otherwise, you could tell me your server IP in a private message if you want and I could run the script for a test.

Gotcha, I have Fedora on my laptop, I’ll do it on that.

So I ran that curl command and what am I supposed to see that is wrong? Does it say refused to connect?

I am getting 301 - Moved Permanently, server information, content-length and type, location, and X-Default-Vhost.

It tried the server-ip and connected. It also says:

schannel: failed to open CA file 'cloudflare': The system cannot find the file specified.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with www.tips4gamers.com port 443
* Connecting to hostname: IP
*   Trying IP:80...
* Connected to (nil) (IP) port 80 (#1)
> GET / HTTP/1.1
> Host: origin
> User-Agent: curl/8.0.1
> Accept: */*

So I will have to get with my host to figure out the filename.

I appreciate the help! Also, I don’t think I can send PMs.

The filename is the name of the Origin CA you downloaded in the previous step that I linked. Either you’re not running the shell from the same location where the file is in, or you maybe named it incorrectly?

I didn’t name it. I have had the CF Origin cert for a couple of years. Since this issue, I have reinstalled it a few times.

I import the CA through SiteGround’s Site Tools and it says the name is cloudflare origin certificate

That is not the CA certificate. The CA cert can be downloaded from the page I linked. It is not the certificate that you use on your server, but the one used to authenticate the Origin Certificate.

Anyway, I’ve run the test and didn’t find any problems with 100 repetitions. I’m now trying again with a few more. How often do you encounter the problem when visiting your site? And is it on any page or on specific ones?

Thanks for that!

So it was completely random. I would just click to different tabs in the WP Dashboard or front end of the site and I would get the 520/525 error.

Now, the error is gone for some reason. I don’t know what changed but I cannot get it to error out. I was getting the same errors in Site Health in regards to the REST API and loopback request. There is this post - Error 520: Web Server Is Returning an Unknown Error (Siteground hosting) - #13 by Seasoned - that showed the same error.

epic.network said to allow the server IP in the WAF, which I completely forgot about. I updated it to the new server IP, and deleted the old ones, then the errors in Site Health went away.

Other than that, I cannot replicate the issues anymore.

Also, SiteGround’s system says it’s an invalid CABundle. Not sure why it would all of a sudden say that when it worked fine a couple of years ago. SiteGround required it before but now it’s not a requirement so I just left it out when importing the new cert.

Well, you don’t really need the CA certificate for anything, unless you are specifically trying to bypass Cloudflare while still using the Cloudflare Origin Certificate, like I did for this test.

I wouldn’t break my head over why Siteground required it before but marks it as invalid now. It really doesn’t matter in this case.

And if it’s working again now, I guess we’ll never find out the actual reason for the problem. I’m just very skeptical when on the same day, multiple Siteground users encounter the same problem, and no one else, but they still claim the problem is not with them.

I mean, it’s possible, but I’d rather test that to be sure than just trust the customer support when they blame someone else, because they (not specifically Siteground) always do that in my experience, even if they KNOW the problem is on their side.


Oh okay, that makes sense.

Yep, it’s unfortunate that we will not find out. I hope it doesn’t happen again. I was skeptical too, especially after the support tech told me it was being reported quite a bit with other users. I was on the lookout for other posts from people other than SiteGround to no avail.

I contacted SiteGround several times before coming here because I felt it was on their end. I still feel like it was on their end. They probably got such an influx of people that they escalated it to the sys admins and it was properly investigated.

I really appreciate your help and expertise. I’m going to mark your first reply as the solution.

