We have a website at www.thexpatmagazine.com but it looks like many users cannot access it, due to a certificate issue. I tried to issue a new certificate but unfortunately it did not work. We are losing a lot of traffic and rank, but I cannot understand where the issue is. The domain is hosted on namecheap and we point the DNS to Netlify, it has been working fine until a few days ago.
Thanks in advance
Sorry to re-take this post, but it seems that many, many users are still unable to use our website and they keep getting errors with the SSL certificate. At this point I really have no idea what to do, any suggestion is welcome.
Here are the screenshot I keep seeing on my Safari Browser
This has become an unsustainable situation, I am not sure what it’s not working but the only thing I am sure it’s about the certificate. I tried to write to Netlify but I am not on a paid account so it’s unlikely they will help me to sort out this.
Thanks in advance to all
I rechecked just to receive the same results. It’s working fine in Chrome, Firefox on Windows and Android.
Sadly, I don’t have any Apple device to check the behaviour on Safari. Can you narrow the problem, as in, is it happening with users only on a specific location, specific device, browser, or something like that?
Hi @hrishikesh thanks for answering.
The problem it’s not about a single user, is about the certificate that it seems not to be valid. For instance it was working for me on google Chrome, I just delete the cache in the browser, opened the website in incognito and got the SSL error. (big mistake btw because now I am totally unable to visit the site xD)
I also tried with Firefox (which I never use it) and same error with the certificate.
As for our users, we have noticed that new users are unable to visit the website, while returning users are not having problems. This makes me thing about the certificate, probably for many users (like me) it was working but for new users, there is something that tells their browser that our certificate it’s not valid.
It’s very hard to track down the real error, because it doesn’t happen to all users (like in this post, it works for all of you, it worked for me until a few days ago, in Chrome, and now it isn’t working anymore)
I just renewed it right now, I guess I have to wait a bit to see if it works.
I also sent an email to the support where we have our domain (namecheap), maybe has to do with their DNS although it seems weird since I just redirect everything to Netlify DNS.
Thanks for the help!
Hi, @antoniofull. Our support team does answer all unanswered questions here on our community site provided those questions are covered by our technical support. For example, troubleshooting a third-party service or custom code would not be questions our support team will answer anywhere - not even the helpdesk (unless there is a custom support contract signed which included them).
To summarize, the same people that answer the help desk tickets do respond here. The only difference here is that the support is done publicly if possible so that other people can learn from the troubleshooting. If the issue were private (like a login or billing issue) we will move those to the helpdesk even for Starter teams.
So, let’s start troubleshooting! The key thing which will help us help you is to find the incorrect HTTP responses.
The most important detail to help us find problem HTTP responses is to send us the x-nf-request-id response header which our service sends with all HTTP responses. These id’s are never reused so if you send us the id, we can find the exact HTTP response.
There more information about this header here:
Now, with SSL issues, the browser typically closes the connection before the header can be sent so you may not have it available. One solution is to temporarily allow insecure connections so you can view it.
Alternatively, please send the information it replaces (or as many of these details as possible). Those details are:
the complete URL requested
the IP address for the system making the request
the IP address for the CDN node that responded
the day of the request
the time of the request
the timezone the time is in
Last but not least, I strongly suspect the root cause could actually be service worker related. If my suspicion is correct and service workers are involved, the support guide below could be helpful:
Again, please send us the details to help us identity the failing HTTP responses and we will be happy to find out what is causing this issue.
So when the page does not load, I am unable to get the x-nf-request-id. I tried with:
Safari - Page Loads
Safari Incognito - Page does not load
Same goes for Chrome, does not load in Incognito.
When the page loads I have the x-nf-request-id, which are
the IP address for the system making the request —> 220.127.116.11
the IP address for the CDN node that responded —> Not sure what this is
the day of the request —> 7th January 2021
the time of the request —> 09:005 AM
the timezone the time is in —> GMT+1
Thanks a lot for the help, I also looked in to the domain DNS but nothing has changed on that side.
As for the service workers, I am looking in to the code, we use Gatsby but I haven’t added any big change recently, as far as I can remember. Will try to disable any package that was added recently, although is hard to test it since locally will work regardless.
As I am writing now, I just got the page opening on chrome in incognito after a few tries, but still not working in Safari, we also have reports from other users some in US and some in Europe, all it seems having issues related mostly with Safari, equally divided between desktop (slightly the majority) and mobile.
Because you are not able to find an IP address for the failing responses, that also supports the hypothesis that this is a service worker issue.
If you find the IP address where your browser is sending the request, please let us know. Likewise, a HAR file recording of the issue will also contain that information. If there are questions, we are happy to answer.
I’m nearly certain that the service worker is the issue but if you have a HAR file recording (or target IP address for the HTTP request) please let us know and we will be happy to take another look.
What I did now, is that I removed completely the service worker from Gatsby ( I unregistered with another plugin), and I am now deploying the new site, hopefully this will solve the issue.
Thanks a lot for the help
Hi, @antoniofull. If the IP address is missing, that is more evidence supporting the hypothesis that local caching (like a service worker) is the root cause. If a new site doesn’t resolve this or if there are other questions, please let us know.
We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate."
I’m not totally sure why that wasn’t working for you in the site dashboard, but I was able to get you a new SSL cert from our end. Looks good in my browser, but please let us know if you’re seeing any issues on your end!