Want more timely Centmin Mod News Updates?
Become a Member

SSL Pingdom reports SSL error but site works fine

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Jon Snow, Jul 21, 2017.

  1. Jon Snow

    Jon Snow Active Member

    199
    29
    28
    Jun 30, 2017
    Ratings:
    +38
    Local Time:
    12:08 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    Did a speed test with the Pingdom tool and it reports an SSL connection error. The website itself works fine for me though but I'm wondering if this is anything to worry about.

    Screencap from Pingdom (other sites load up fine when tested) :

    [​IMG]

    Response code :

    [​IMG]

    I contacted my SSL cert provider and they used a tool to check the cert and they said everything seemed fine and to contact Pingdom about the problem. I don't think I'll get a response from Pingdom so I'm trying here first before attempting to get in contact with them.
     
  2. RoldanLT

    RoldanLT Well-Known Member

    3,975
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    12:08 AM
    1.11
    10.2
  3. Jon Snow

    Jon Snow Active Member

    199
    29
    28
    Jun 30, 2017
    Ratings:
    +38
    Local Time:
    12:08 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    1. Got a grade A for the IP.
    2. "Unable to connect to the server" for IPv6 address.

    Below the two boxes had "Warning: Inconsistent server configuration".
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,898
    6,908
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,403
    Local Time:
    2:08 AM
    Nginx 1.13.x
    MariaDB 5.5
    Pingdom uses very old Chrome 39 browser for those tests so could be not supporting ssl ciphers in Nginx ssl configuration ?

    can also use dev version of ssllabs SSL Server Test (Powered by Qualys SSL Labs)

    but that means you have IPv6 enabled on server, but not configured Nginx vhost for IPv6 or domain AAAA dns record for IPv6

    I'd try disabling IPv6 and see.

    To disable ipv6 plenty of centos guides http://lmgtfy.com/?q=how+tp+disable+ipv6+on+centos :)

    like
     
    • Like Like x 1
  5. Jon Snow

    Jon Snow Active Member

    199
    29
    28
    Jun 30, 2017
    Ratings:
    +38
    Local Time:
    12:08 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    That did the trick.
     
    • Like Like x 1
  6. Jon Snow

    Jon Snow Active Member

    199
    29
    28
    Jun 30, 2017
    Ratings:
    +38
    Local Time:
    12:08 PM
    Nginx 1.13.4
    MariaDB 10.1.26
    I've been seeing this in the error log :
    Code (Text):
    2017/07/23 15:12:13 [crit] 1063#1063: *104784 SSL_do_handshake() failed (SSL: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt error:14039119:SSL routines:ACCEPT_SR_CERT_VRFY:decryption failed or bad record mac) while SSL handshaking, client: 141.212.122.32, server: 0.0.0.0:443

    Anything to worry about?
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,898
    6,908
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,403
    Local Time:
    2:08 AM
    Nginx 1.13.x
    MariaDB 5.5
    IP belongs to some research scanner 141.212.122.32 IP Address Details - ipinfo.io probably doesn't support nginx ssl cipher preferences as some visitor clients/scanners are pretty old

    University of Michigan Internet-Wide Scanning Research

     
    • Informative Informative x 1