SSL handshake failed - help!

I’m getting the “SSL handshake failed” notice when I try to access my website. I have no idea why, as it’s been working fine for the last 18 months and nothing has been changed. I’m sure the certificate was automatically renewed. Not sure what’s happened, but I haven’t a clue how to fix it. The usual tip of switching to flexible instead of full then gives me the “cannot load this page” notification.

Any ideas anyone?

Many thanks

Russ

If you had “Flexible” your site was never secure to begin with. Switch to “Full strict” and make sure the certificate on your server is valid.

Hi, Sandro. I’ve never had it on flexible. It’s always been on full. Only briefly tried flexible to see if it would fix things. It didn’t, so I’m at a loss as to how to fix it. Wondering if my certificate is valid and, if not, what to do about it.

Fair enough, sorry, misunderstood your statement. Thought you switched the other way round and whoever suggested to switch to Flexible should be tarred and feathered :slight_smile:
“Full” is much better than Flexible but only “Full strict” really is secure. Switch to it once you have the certificate in place.

Let’s start with the domain, though :slight_smile:

the domain is www.russstyler.com

Does your server IP address end in 140?

If not, would you feel comfortable sharing it here?

Yes, that would be right.

In that case your server configuration is broken, it doesn’t return a certificate, not even an invalid one. Fix that on your server and the site should return online (don’t forget to switch to Full strict as well).

Thanks for the advice.

I’m not sure how I go about fixing that though? I’m also confused as to how it would be wrong in the first place? I haven’t changed anything myself.

I am afraid that is something for your host to clarify. It seems not only your site is broken, but the whole HTTPS stack on that machine does not really work.

You could also pause Cloudflare for the time being, to debug it better. In that case the proxy would be disabled and all requests would go directly to your server (be aware, that will expose your IP address too).

Hi, thanks again.

I have checked the IP address and that is the address of the host, so I’m not sure how that would make it broken?

I considered pausing Cloudflare…and would if I knew how. lol.

Bottom right on the Overview screen.

Hi,

I’m still trying to resolve my 525 SSL Handshake failed problem.

For comparison, a site that I own that does not have the same issue, comparing them I can’t see why one is working fine with the universal SSL and the other is not. Is there a key difference you can identify that clearly shows why one should work and the other not?

The site that is working fine with SSL is www.russstyler.co.uk
The one that isn’t is www.russstyler.com

Many thanks in advance

It still is the same issue. You need to talk to your host.

$  openssl s_client -connect ORIGIN:443 -servername russstyler.com
CONNECTED(00000003)
3070025728:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1407:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 199 bytes
Verification: OK
---
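
The check from the post above as a script (an added example, not code from the thread): `probe_origin` handshakes once without verification, as Full does, and once with chain and hostname verification, as Full (strict) does. `fake_broken_origin` and `origin.example` are constructed stand-ins for the broken server; verification uses the local trust store, so a Cloudflare Origin CA certificate would be reported as `invalid_certificate`.

```python
import socket
import ssl
import threading

# TLS record: type 0x15 (alert), version 0x0303, length 2, fatal(2), handshake_failure(40).
# These are the 7 bytes behind "SSL handshake has read 7 bytes" in the output above.
ALERT_40 = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])

def probe_origin(ip, hostname, port=443, timeout=5.0):
    """Classify what the origin at `ip` presents for SNI `hostname`."""
    def handshake(ctx):
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                pass
    # Pass 1 (diagnostic only): accept any certificate, as "Full" does.
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    try:
        handshake(lax)
    except ssl.SSLError:
        return "handshake_failed"      # no certificate received: the 525 case
    except OSError:
        return "unreachable"
    # Pass 2: verify chain and hostname, as "Full (strict)" does.
    try:
        handshake(ssl.create_default_context())
    except OSError:                    # ssl.SSLError is a subclass of OSError
        return "invalid_certificate"   # passes Full, fails Full (strict)
    return "valid_certificate"

def fake_broken_origin():
    """Constructed local server that answers any ClientHello with ALERT_40."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            header = conn.recv(5, socket.MSG_WAITALL)   # TLS record header
            todo = int.from_bytes(header[3:5], "big")   # ClientHello length
            while todo > 0:
                chunk = conn.recv(todo)
                if not chunk:
                    break
                todo -= len(chunk)
            conn.sendall(ALERT_40)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    return probe_origin("127.0.0.1", "origin.example", fake_broken_origin())

if __name__ == "__main__":
    print(demo())
```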

Many thanks for that. One final point, does the site that DOES work fine match up with its IP address? I’m assuming it must.

If you could confirm that then I can mention that to my host as a point of comparison so that they know for sure where the problem is. To be fair, the Host isn’t the most helpful.

Thanks

I am not sure about your question. What do you mean by match up? That site is not on the same server, I presume.

Assuming the .co.uk’s IP address ends in 34, it also appears as if it didn’t have a valid certificate. Contrary to your .com domain, that server does have a certificate in place; however, it is not valid for your domain and hence not really secure either.

Sorry, I misinterpreted an earlier response. Clearly my other site returns a certificate.

I have the correct nameservers pointing to Cloudflare for the SSL and as far as I know that was all I needed to do on the host site to get it working. In fact it’s been working fine until the other day, I’m wondering if something went wrong with the automatic renewal?

Is there something I have missed in regards to that? Did I need to do something?

As you can tell, my knowledge is limited on this so apologies for that.

Both sites should return a certificate from the proxies. The issue is not Cloudflare, the issue is the hosts.

For both sites you should talk to your hosts and get your sites properly working on HTTPS without anything Cloudflare related.

The .co.uk site is slightly better as it at least has a basic SSL setup (still insecure though), the .com site doesn’t have anything in that regard.

OK, well I’m only using a universal SSL at present for both sites, so it seems that for some reason the .com site is acting as if there’s nothing at all.

I may well have to just purchase one from the host to resolve it.

Universal SSL is not related to your server. You need valid certificates on your server.

I am afraid, there really is not more to say at this point. You need to get this fixed by your hosts.