Site Cannot Complete SSL Connection

DNS & Network
#1

Yesterday I transferred my site from GoDaddy to Cloudways. At the same time, I added Cloudflare as a CDN.

I cannot access my site at all. In Firefox, both in a regular and private window, I get this error: PR_END_OF_FILE_ERROR. In Chrome, both in a regular and private window, I get this error: ERR_SSL_PROTOCOL_ERROR.

The support team at Cloudways was not able to diagnose and solve this error. It seems that some people can access my site https://themannerlydog.com, while I cannot.

I have already cleared the cache in both Firefox and Chrome. I have already cleared the cache at Cloudflare and Cloudways.

I used to have an SSL certificate from GoDaddy. I installed a Let’s Encrypt certificate at Cloudways. The SSL settings for me at Cloudflare are set to Flexible. Why No Padlock? shows that my site has a certificate from Cloudflare.

I am a little lost on where the issue might be. It is weird that some people can access the site just fine and others cannot.

DNS checker shows that the change to the A record I made has already propagated. However, a traceroute to my site never resolves from my computer.

[kyle] ~ $ traceroute themannerlydog.com
traceroute to themannerlydog.com (167.206.37.137), 64 hops max, 52 byte packets
 1  10.0.1.1 (10.0.1.1)  2.526 ms  1.536 ms  1.810 ms
 2  * * *
 3  173-219-229-76.suddenlink.net (173.219.229.76)  10.789 ms  20.233 ms  14.476 ms
 4  173-219-152-250.suddenlink.net (173.219.152.250)  15.840 ms  18.536 ms  18.375 ms
 5  173-219-152-171.suddenlink.net (173.219.152.171)  41.983 ms
    173-219-152-193.suddenlink.net (173.219.152.193)  54.210 ms
    173-219-152-171.suddenlink.net (173.219.152.171)  43.972 ms
 6  173-219-195-79.suddenlink.net (173.219.195.79)  51.702 ms  47.702 ms  46.534 ms
 7  173-219-238-21.suddenlink.net (173.219.238.21)  47.246 ms
    64.15.0.199 (64.15.0.199)  62.240 ms  61.736 ms
 8  451be0c3.cst.lightpath.net (65.19.113.195)  62.946 ms  56.413 ms  52.745 ms
 9  451be05c.cst.lightpath.net (65.19.118.92)  63.046 ms
    64.15.2.77 (64.15.2.77)  58.251 ms
    451be05c.cst.lightpath.net (65.19.118.92)  61.430 ms
10  451be05a.cst.lightpath.net (65.19.118.90)  55.717 ms
    451be05e.cst.lightpath.net (65.19.118.94)  62.279 ms
    451be058.cst.lightpath.net (65.19.118.88)  62.128 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
.
.
.
64  * * *

What step can I take next to find where the error is?

#2

When testing, https://themannerlydog.com/ loaded fine and correctly from my end.

Second try I got SSL_ERROR_RX_RECORD_TOO_LONG.

Moreove, my ESET NOD32 and Malwarebytes said “Trojan Horse” for your domain themannerlydog.com and IP address 66.42.75.90.
Have you got some malware running at your Website? Have you checked that before?

Your www.themannerlydog.com A record is:
www.themannerlydog.com -> themannerlydog.com -> [ 66.42.75.90  ]
[Looks like you have CNAME's]

Is the CNAME record :orange:?

Would be nice if you can have Full SSL.

#3

I changed the SSL to full, though Cloudways told me I should have it at flexible.

Yes, the CNAME record is set to an orange cloud.

#4

Hi @kyle.shores44, the disable TLS 1.3 suggestion in this tip, Community Tip - Fixing ERR SSL PROTOCOL ERROR seems to work a lot of the time

1 Like
#5

Hi @cloonan, I disabled TLS 1.3 and I still can’t access the site. Interestingly, some people can while I cannot.

#6

I still got your IP instad of Cloudflare when going with FireFox. Can access the site via FireFox:

Screenshot_2021-02-26 Science-Based Dog Training in Houston The Mannerly Dog
Screenshot_2021-02-26 Science-Based Dog Training in Houston The Mannerly Dog1922Ă—1066 422 KB

But cannot via Chrome/Edge - got the error ERR_SSL_PROTOCOL_ERROR:

chrome
chrome2097Ă—1215 395 KB

Due to ERR_SSL_PROTOCOL_ERROR, kindly see here for more information:

Is the A or CNAME record at your Dashboard :orange: or :grey:?

Malwarebytes got me “Trojan Horse” also (again) when accessing your website:
trojan_horse

Either you have mixed-content somewhere or calling some HTTP while using HTTPS.

Or you really have some bad code like malware in JavaScript, etc.

Or, you host your Website at some server which is somehow marked as containing a “malware/virus”.

#7

@fritexvz Here are all of my DNS records.

Screen Shot 2021-02-25 at 8.28.31 PM
Screen Shot 2021-02-25 at 8.28.31 PM2048Ă—1714 457 KB

As far as the Trojan horse goes, I don’t know what to do with that information. I have a firewall running on my site so there shouldn’t be any malware at all. Do you have any ideas on how to detect or mitigate that?

#8

As far as checked, you are using outdated WordPress version?

Kindly, install and scan your website using WordFence plugin for malware and other issues regarding of possibillity of trojan horse (not to mention, can be the IP address or some advertisements?).

#9

Now, definitely, neither I cannot acces via FireFox (not just via Chrome) - it’s due to the virus/malware.

My anti-virus software scans all HTTP/HTTPS requests, so, it blocks immediatly and throws an error for an SSL.

  • as far as I cannot be 100% sure if it is due to virus or Cloudflare misconfiguration …

Says blacklisted:

Screenshot_2021-02-26 Online Website Virus and Malware Scanner
Screenshot_2021-02-26 Online Website Virus and Malware Scanner1231Ă—676 13.3 KB

See here - cryptominer?!:

Screenshot_2021-02-26 URLhaus - Browse
Screenshot_2021-02-26 URLhaus - Browse1255Ă—780 39.1 KB

Tools used:

#10

Upgrade WordPress to the lateste one and plugins and themes also.
Install WordFence plugin - scan and clear.
Check your database, change password, etc.

Purge all the cache at Cloudflare also.

https://quttera.com/detailed_report/themannerlydog.com

Screenshot_2021-02-26 FREE Online Website Malware Scanner Website Security Monitoring Malware Removal Quttera
Screenshot_2021-02-26 FREE Online Website Malware Scanner Website Security Monitoring Malware Removal Quttera846Ă—753 59.4 KB

#11

@fritexvz I’ve already got wordfence installed. I cannot login to the site and there is not a cli that I am aware of to scan it. I am certain that is not the problem anyways since the site has been fine for months.

1 Like
#12

@fritexvz Also, from your screenshot, only two places think it is malware, and not the most authoritative ones. My site was hacked months ago, but I cleaned that up. This is definitely not that, though apparently I still have some blacklists that I need to be removed from.

1 Like
#13

Cannot confirm, but, hm … two AV’s on my side (eset nod32 internet security paid and malwarebytes premium + 2 online tools) report it, … it has to be something in between :slight_smile:

Moreover, regarding the above replies and SSL errors … could it be on the server side?

#14

@fritexvz I don’t know how. I was in contact with the hosting provider and they could not find anything that was not correctly configured.

1 Like
#15

Ha ha @fritexvz

dobar screenshot jedino kaj ga nitko osim nas ne razumije :slight_smile:

1 Like
#16

@babicdd I understand the screenshot alright. It shows that 2 authorities think my site is still hacked even after I cleaned up the site. They have apparently not checked the site recently.

#17

@cloonan I still can’t access the site in Chrome. However, after reseting Firefox entirely, I can access the site.

I have determined that TLS 1.3 seems to be the only version of TLS that Cloudflare will resolve for my site. The minimum version of TLS for me is set to 1.0.

Screen Shot 2021-02-27 at 11.38.30 AM
Screen Shot 2021-02-27 at 11.38.30 AM1046Ă—1482 410 KB

#18

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.