Suddenly a SSL error via Comcast but will load fine via AT&T


#1

Hello. Today I noticed that our sites https://www.ganoksin.com and https://orchid.ganoksin.com won’t load. All browsers I tried give ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Oddly enough, when I pop into my iPhone and access them thru AT&T they load fine. But via my regular Comcast connection I get that ssl error. (I also had a friend try through their own Comcast connection and they also get the ssl error.)

After much googling, I decided to try enabling DNSSEC for this domain and entering that info into our registrar. That didn’t help.

Any ideas? Thanks!


#2

I’m having the exact same issue, and it’s absolutely infuriating. I’m hoping support can step in and help.


#3

It’s the strangest thing. Are you having trouble loading any other sites via Comcast? Or just this one site?

Here’s another odd wrinkle to the situation. I had a friend try to load the site from a couple towns over also using Comcast and it wouldn’t load for him either. So it’s not just limited to my modem/router, as far as I can tell.


#4

BTW, I’m reaching out to Comcast as we speak. I also opened a ticket with Cloudflare and they said everything looks fine on their end.


#5

It looks like this has spawned into four threads. Let’s just stick with the one:


#6

(I’m just going to reply here since I don’t want to confuse too many issues that may actually be different and this is the thread I started.)

The problem is resolved for me now. I contacted Comcast but the agent couldn’t help me so they gave me an email address of a DNS tech at Comcast but I got no reply.

In the mean time Cloudflare Support ended up replying to me again and said that they “reordered a new certificate for ganoksin.com.” That seems to have fixed the issue.

It’s hard to know what was going on. The only thing I can think of is that maybe the SSL setup was deemed insecure for some reason and flagged in Comcast’s system but the new SSL cert met Comcast’s requirement and then it became accessible again? Completely just guessing here. I’ll see if Cloudflare has an explanation or if they just took a stab at installing a new cert and it happened to work.


#7

This is what Cloudflare Support said was the problem: “The issue here was that the certificate for your site had expired. Ordinarily this should be automatically renewed, however in this instance there seemed to have been issues in completing this process, so the certificate had to be reordered.”

Honestly, that doesn’t explain why one regional section of Comcast would throw an SSL error but the rest of the world could access the site. But at any rate, it’s all working now so that’s the upside!