SSL - Not secure

#1

image



SSL not working on my site:
oasen.media

I have cleared cache and tried firefox, chrome, safari and opera browsers.

Test results for SSL:

0 Likes

#2

All looks fine for me in Australia:

[email protected]:/tmp# curl -L -v http://oasen.media/
*   Trying 104.31.81.21...
* TCP_NODELAY set
* Connected to oasen.media (104.31.81.21) port 80 (#0)
> GET / HTTP/1.1
> Host: oasen.media
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 11 Apr 2019 10:48:03 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Thu, 11 Apr 2019 11:48:03 GMT
< Location: https://oasen.media/
< Server: cloudflare
< CF-RAY: 4c5c62ce5cfca524-NRT
<
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host oasen.media left intact
* Issue another request to this URL: 'https://oasen.media/'
*   Trying 104.31.80.21...
* TCP_NODELAY set
* Connected to oasen.media (104.31.80.21) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=sni.cloudflaressl.com
*  start date: Apr 10 00:00:00 2019 GMT
*  expire date: Apr 10 12:00:00 2020 GMT
*  subjectAltName: host "oasen.media" matched cert's "oasen.media"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56ca8ea8)
> GET / HTTP/1.1
> Host: oasen.media
> User-Agent: curl/7.52.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< date: Thu, 11 Apr 2019 10:48:05 GMT
< content-type: text/html; charset=UTF-8
< set-cookie: __cfduid=db4ce8349b77d0cbba695ea35552cbc451554979684; expires=Fri, 10-Apr-20 10:48:04 GMT; path=/; domain=.oasen.media; HttpOnly; Secure
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< pragma: no-cache
< set-cookie: FileRunSID=as9hv9lamk9ol6ndd94ffkil66; path=/
< vary: Accept-Encoding,User-Agent
< cache-control: max-age=300
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 4c5c62d4a87c9427-NRT

HTTPS version of the site looks fine with CF-issued SSL cert and no mixed content. Local caching issue, perhaps?

0 Likes

#3

I tested now on a different computer and it works there.
I have removed cache in chrome on my main computer and still doesn’t work.

What else could i try on main computer?

I’m on a mac, tried firefox, chrome, safari and opera.
Cleared cache on all browsers and tried renewing DNS lease on Mac

0 Likes

#4

It was an issue regarding DNS in wifi settings on the Mac
image

I removed custom DNS (open DNS) and readded, and pressed renew DHCP lease.

Now it works!

1 Like

#5

While you’re here, and mentioned Flexible, just thought I would make you aware of the issues with that SSL mode and why it is not recommended. :slightly_smiling_face:

3 Likes

#6

OpenDNS have (IMO only) the odd glitch like that. you can check their regional caches here:

Sometimes you just get stale IPs on some locations for longer than you expect.

1 Like