Site loses certificate but not for www, with no user input


#1

Howdy, the following domain, hfg dot me, is not secure when it used to be. When www is put in front of hfg, the site is secure. (Can't put full URLs due to forum rules.)

I have done nothing to the settings in the Cloudflare portal; out of nowhere, hfg.me is not a secure site anymore.

So I am lost, so is our tech at hosting at Softlayer. Hoping the following might help diagnose.

Thanks for any help very much :slight_smile:

esse S at 20:12, Sep 18:
The problem seems to be on Cloudflare’s end, their server is not providing any certificate:

```
[[email protected] ~]# openssl s_client -showcerts -connect hfg.me:443
CONNECTED(00000003)
write:errno=104

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 289 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1537326694
Timeout : 300 (sec)
Verify return code: 0 (ok)
```


#2

The naked domain is not set to :orange:, but the www is.

Go to your DNS settings page and click the :grey: for hfg.me and set it to :orange:

Be advised that if hfg.me is also a mail server, this will be problematic, as :orange: does not proxy mail traffic.


#3

Many thanks sdayman!

We named the server as a mailserver 7 years ago, as it is our primary dev environment which transitioned into housing our live sites.

Obviously you are learned in these matters. Is naming the server mailserver.uspatriot.me not a good thing?

I can change it. Focus now is more on search engine indexing.

Thanks very much

MichaelJ in California


#4

So I just looked at your MX record, and it points to mail.hfg.me, so that’s good. You probably have a DNS entry for that and it’s :grey:.

In other words, it should be ok if you set the DNS entry for hfg.me to :orange:. That shouldn’t interfere with email.
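
A check that follows from replies #2 and #4, as an added example that is not part of the original thread: it classifies each hostname as proxied or DNS-only by testing its A records against Cloudflare's published IPv4 ranges, and flags any MX target that sits behind the proxy. The sample IP addresses are constructed, the function names are hypothetical, and the range list is a snapshot that may be out of date.

```python
import ipaddress
import socket

# Cloudflare's published IPv4 edge ranges (snapshot of cloudflare.com/ips-v4;
# the list can change, so refresh it before relying on the result).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_cloudflare(ip):
    """True if ip falls inside one of the Cloudflare edge ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def proxy_state(ips):
    """'proxied' (orange), 'dns-only' (grey), 'mixed' or 'unresolved'."""
    flags = {is_cloudflare(ip) for ip in ips}
    if not flags:
        return "unresolved"
    if len(flags) == 2:
        return "mixed"
    return "proxied" if flags.pop() else "dns-only"

def audit(a_records, mx_targets):
    """Map each name to its proxy state and list MX targets behind the proxy."""
    states = {name: proxy_state(ips) for name, ips in a_records.items()}
    at_risk = [mx for mx in mx_targets if states.get(mx) in ("proxied", "mixed")]
    return states, at_risk

def resolve(name):
    """Live IPv4 lookup (needs network); not used by the sample run below."""
    return socket.gethostbyname_ex(name)[2]

# Constructed sample answers: 192.0.2.x stands in for the origin server and
# 104.16.x.x for a Cloudflare edge address. They are not the site's real records.
SAMPLE_A = {
    "hfg.me": ["192.0.2.10"],
    "www.hfg.me": ["104.16.0.10", "104.16.1.10"],
    "mail.hfg.me": ["192.0.2.10"],
}
SAMPLE_MX = ["mail.hfg.me"]

if __name__ == "__main__":
    states, at_risk = audit(SAMPLE_A, SAMPLE_MX)
    for name, state in states.items():
        print(f"{name:12} {state}")
    print("MX targets behind proxy:", at_risk or "none")
```

A name reported as `dns-only` is answered by the origin server directly, so any certificate on port 443 has to come from the origin rather than from Cloudflare.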

