Hi, @rarkins, I would normally ask for an x-nf-request-id header or a HAR file capture of the issue but if the SSL negotiation is failing both options may unavailable.
There more information about the x-nf-request-id header here:
If that header isn’t available for any reason, please send the information it replaces (or as many of these details as possible). Those details are:
- the complete URL requested
- the IP address for the system making the request
- the IP address for the CDN node that responded
- the day of the request
- the time of the request
- the timezone the time is in
Or, if you prefer, you might be able to get most of this information with a curl command:
curl -k -svo /dev/null https://renovatebot.com/
This is what I see currently (which is that SSL is working):
$ curl -k -svo /dev/null https://renovatebot.com/
* Trying 206.189.73.52...
* TCP_NODELAY set
* Connected to renovatebot.com (206.189.73.52) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [229 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2577 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.renovatebot.com
* start date: Apr 7 01:10:43 2020 GMT
* expire date: Jul 6 01:10:43 2020 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fd60e80d600)
> GET / HTTP/2
> Host: renovatebot.com
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 150)!
< HTTP/2 200
< cache-control: public, max-age=0, must-revalidate
< content-type: text/html; charset=UTF-8
< date: Thu, 23 Apr 2020 05:42:15 GMT
< etag: "e6890028a4ea584c8217b4c73fc12363-ssl"
< strict-transport-security: max-age=31536000
< age: 2
< server: Netlify
< x-nf-request-id: adedbd87-c9b2-4209-bbb5-f3188394601a-7719303
<
{ [7560 bytes data]
* Connection #0 to host renovatebot.com left intact
* Closing connection 0
Would you please send us the output of the command above?