SSL - Not secure

image



SSL not working on my site:
oasen.media

I have cleared cache and tried firefox, chrome, safari and opera browsers.

Test results for SSL:

All looks fine for me in Australia:

[email protected]:/tmp# curl -L -v http://oasen.media/
*   Trying 104.31.81.21...
* TCP_NODELAY set
* Connected to oasen.media (104.31.81.21) port 80 (#0)
> GET / HTTP/1.1
> Host: oasen.media
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 11 Apr 2019 10:48:03 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Thu, 11 Apr 2019 11:48:03 GMT
< Location: https://oasen.media/
< Server: cloudflare
< CF-RAY: 4c5c62ce5cfca524-NRT
<
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host oasen.media left intact
* Issue another request to this URL: 'https://oasen.media/'
*   Trying 104.31.80.21...
* TCP_NODELAY set
* Connected to oasen.media (104.31.80.21) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=sni.cloudflaressl.com
*  start date: Apr 10 00:00:00 2019 GMT
*  expire date: Apr 10 12:00:00 2020 GMT
*  subjectAltName: host "oasen.media" matched cert's "oasen.media"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56ca8ea8)
> GET / HTTP/1.1
> Host: oasen.media
> User-Agent: curl/7.52.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< date: Thu, 11 Apr 2019 10:48:05 GMT
< content-type: text/html; charset=UTF-8
< set-cookie: __cfduid=db4ce8349b77d0cbba695ea35552cbc451554979684; expires=Fri, 10-Apr-20 10:48:04 GMT; path=/; domain=.oasen.media; HttpOnly; Secure
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< pragma: no-cache
< set-cookie: FileRunSID=as9hv9lamk9ol6ndd94ffkil66; path=/
< vary: Accept-Encoding,User-Agent
< cache-control: max-age=300
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 4c5c62d4a87c9427-NRT

HTTPS version of the site looks fine with CF-issued SSL cert and no mixed content. Local caching issue, perhaps?

I tested now on a different computer and it works there.
I have removed cache in chrome on my main computer and still doesn’t work.

What else could i try on main computer?

I’m on a mac, tried firefox, chrome, safari and opera.
Cleared cache on all browsers and tried renewing DNS lease on Mac

It was an issue regarding DNS in wifi settings on the Mac
image

I removed custom DNS (open DNS) and readded, and pressed renew DHCP lease.

Now it works!

1 Like

While you’re here, and mentioned Flexible, just thought I would make you aware of the issues with that SSL mode and why it is not recommended. :slightly_smiling_face:

3 Likes

OpenDNS have (IMO only) the odd glitch like that. you can check their regional caches here:

Sometimes you just get stale IPs on some locations for longer than you expect.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.