Unable to reach website, has my certificate expired?

Website, Application, Performance DNS & Network
1

I have an A-record pointing to the public IP of my web server. Web configuration file permanently redirects to using https and that the certificates are located correctly to the path specified. However, when I use another computer and issue: curl -I <subdomain.domain.com>
I received the following output:
user@machine:~# curl -I <subdomain.domain.com>
HTTP/1.1 301 Moved Permanently
Date: Tue, 02 May 2023 06:58:42 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 02 May 2023 07:58:42 GMT

Has my certificate expires? I am using the wild card certificate and checked that the expiry date has not arrived. Why is there an output says that it has expires?

3

This header is nothing to do with the certificate. Quoting from Expires on MDN:

The Expires HTTP header contains the date/time after which the response is considered expired.

1 Like
5

Another thing I noticed is that if the certificates specified in the web config path should be the ones it is using, but when I launch the URL <subdomain.domain.com>, there is a lock icon (indicating it is using https), the certificate appeared to be issued by Cloudflare. Why is the certificate “issued” by Cloudflare when the wild card certificate purchased was not from Cloudflare?

7

Are you proxying through Cloudflare? Then that’s probably why the certificate says it comes from Cloudflare.

1 Like
8

Not at all. In the DNS record, A-record can be either “DNS only” or “Proxied”. It is “DNS only”.

9

Probably not. cURL will tell you if the certificate has expired, as in this example:

% curl https://expired.badssl.com
curl: (60) SSL certificate problem: certificate has expired

I would suspect that the SSL Mode in your Cloudflare is set to Flexible. Set this to Full (Strict). The issue is that your Origin is redirecting to HTTPS, but Cloudflare is configured to talk to your Origin only over HTTP.

1 Like
10

Apologies, having checked again:

  1. the web server webconfig for port 80 all commented out. Only port 443 is configured for this <subdomain.domain.com> site.
  2. in the Cloudflare DNS setting for the , it is “DNS only”
  3. having use the command curl https://subdomain.domain.com, I do not have any error, instead the body of the page (from the curl output) shows exactly the same as if I browse to that url using a browser; the page shows the web server landing page instead

I did restarted the web server, no error whatsoever and no changes in the configuration was done.

12

More information, in the Cloudflare, there is an entry in the load balancing showing 2 web servers; both are healthy. From my question earlier, I do not know if it is due to the SSL, but is there any SSL certificate need to be purchased and place inside Cloudflare?

13

If the relevant DNS entry is DNS only, then no other settings in Cloudflare matter at all.

I’m not really sure what this means.

What is the actual issue?

Your original question was if the certificate is expired, and based on the information you gave the answer is probably no.

2 Likes
14

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.