Sudden SSL failures

I always used my domain example.com and everything worked as intended.

For SSL I used Flexible and had a self-signed SSL certificate on my IIS server with PHP 8.
Recently, some users have started to get errors through cURL, Java and the Opera browser.

Most users, however, are not affected; it's like a 1% thing.

Errors:
CURL: schannel SEC_E_INVALID_TOKEN 0x80090308 - The token supplied to the function is invalid.
OPERA: ERR_SSL_PROTOCOL_ERROR

Google Chrome/Edge Browser loads the site fine for literally everyone.

Since that error I tried everything: I trusted Cloudflare’s CA, and went to Full/Full strict for SSL.

In every situation the 1% of users were still affected; I even tried wiping the SSL cache on their PC.

The odd thing however is,
My domain also has the “alt.” subdomain and the users with the issue can access alt.example.com just fine (same certificate used, and the certificate is signed to *. and example.com)

Side note: The domain has been up for 3 years straight and this has never happened before.
It's been like this for basically a full week now, so it's likely not maintenance related on Cloudflare's end.

I just realised it might actually be useful for me to share the actual domain name:
https://ugplugins.com/
https://alt.ugplugins.com/ is the subdomain which does not have any issues.

Certificato SSL - Website, Application, Performance / DNS & Network - Cloudflare Community

It appears some other users might have similar symptoms.
I checked my site here too; it did not really show anything odd:
cf.sjr.org.uk :: Cloudflare Things

Unfortunately this is not resolved, and the number of affected users is increasing.

+1

Same procedure with my users and the issue keeps affecting them.

Confirmed the affected region can be USA Toronto/Florida.

  • Updated Windows 11
  • Checked Trusted SSL client certificates
  • Tested with Curl and same error of the topic, only browser can access the URL, nothing else

Interesting, the last reports of the issue on my end were 2 users in the US too.
(Franklin, Tennessee, United States) and Spring Hill, Florida, United States (US), North America

ISPs: Spectrum, Comcast Cable

I'm sort of happy that I'm apparently not the only person affected.
Not gonna lie, I kind of gave up on the matter as I ran out of ideas/things to check.

In your case can they access a subdomain properly?

If you find the holy fix (or the root cause) please let me know.

I wonder if we can get this issue properly acknowledged by Cloudflare, because I have a feeling this issue is more widespread than it seems, and that people just have no idea since most users don’t use cURL etc.

In my case I have two sub-domains, one for cdn (file storage) and another one for general api.

Both of them work perfectly if you access them directly in a browser, but not through any other third-party software.

Short summary:

  • Curl [fails]
  • Launcher, Updater and main software [fails, they are coded using different stacks too]
  • Edge/Chrome browser [OK]

Also, we made additional tests: with a residential network the issue happens, so I requested the user to test using mobile data or a VPN; both options work perfectly, so maybe it’s related to the ISP?

I think the issue started on 06/15/2024 (Saturday).

As additional info, I enabled the Total TLS option to see if it helps, since this error can be related to a bad SSL certificate signature. I will be back with feedback after a user tests it and on whether it solves the issue.

Yeah, for me I told people to connect with Cloudflare’s VPN (Cloudflare WARP) and that fixed it for them as a hotfix.

I tried disabling HTTP2 and other TLS versions.

For me, I have 2 websites hosted inside IIS (Windows Server 2019),
1 with PHP
1 with ASP.NET 8.
The subdomain with ASP.NET 8 is unaffected for some reason, but I kinda doubt it's because of ASP.

Even with the Total TLS option enabled the issue persists; a customer tested it using the curl tool.

Could you let one of your users with the issue curl https://ugplugins.com/
If the user has the issue with both our websites we can likely say that it's Cloudflare.

(Or OVH if you hosted there).

Yep, same issue…

I think it will not be OVH, since my other service is being hosted in a storage company and has the same issue.

If anyone can capture a Netlog of the issue please do and email it to me walshy@

I have never seen this error before but would be very interested to take a look and raise to the right folk if needed!

Also, if you could provide:

  • OS version
  • cURL, Java or Opera version

Curl:

curl 8.8.0 (Windows) libcurl/8.8.0 Schannel zlib/1.3 WinIDN
Release-Date: 2024-05-22
Protocols: dict file ftp ftps http https imap imaps ipfs ipns mqtt pop3 pop3s smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets

Windows: [image]

Another user with the same issue, also in the US erroring out on BOTH our websites.

I will send Walshy the network dumps.

Opera version LVL 5 (code: 109.0.5097.142)

@Walshy I’ve just sent the network dumps to walshy@.
Please let us know if you need any further info.

I have not been actively looking at this issue; however, it's too much US to be coincidence imo.

@cjaker Any update from your end? I'm assuming you're still running into the issue with your site too.

@MNO still occurs with some US users, no solution yet. They are using a VPN to suppress it, but it isn’t healthy for their gameplay, since it can affect latency, routes, etc.

Adding another thing to this topic: some users got timeouts when requesting my API endpoint; very rarely, but it can happen. The problem is solved by using a VPN, so maybe it’s a route issue? If yes, what else can I do on my Dashboard?

My dedicated server is okay in terms of resource usage, ~2% CPU and ~80% memory usage free.

I’ve sent over some network dumps to Walshy and hopefully they can figure it out.

Worth noting I’ve tried Nartac Software - IIS Crypto; it did not fix it.

curl --http1.1 https://ugplugins.com
Also, using that to force HTTP 1.1 did not fix the error for them either.

This really seems like a US only issue.