SSL error requiring CNAME record for ISP

I see that your host is one.com.

There have been a number of people using one.com in the last days that had problems with their SSL configuration disappearing, see here:

I recommend that you keep the record on DNS-only for now and contact one.com support, as the server for your website does not have a certificate configured. Here are my test results:

openssl s_client -showcerts -servername kristerbladh.com -connect 77.111.240.68:443
CONNECTED(00000003)
4047C34A507F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 318 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
openssl s_client -showcerts -servername kristerbladh.com -connect [2a02:2350:5:109:5100:0:45b8:1e0e]:443
CONNECTED(00000003)
401787B9817F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 318 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
1 Like