Random SSL Failures

1

I tried to show a client a site, and am now getting SSL failures on my app, with certs that are 3 weeks old. Any idea what might be happening?

curl -vvv https://homebasebuilds.com/ output:

*   Trying 137.66.63.10...
* TCP_NODELAY set
* Connected to homebasebuilds.com (137.66.63.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to homebasebuilds.com:443 
* stopped the pause stream!
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to homebasebuilds.com:443

To clarify, I’m using fly’s certs generated using fly certs add.

fly certs list output:

Host Name                 Added                Status
www.homebasebuilds.com    3 weeks ago          Ready
homebasebuilds.com        3 weeks ago          Ready
2 Likes
2

So now the site is responding again, which is good. Unfortunately, the downtime happened right when I was trying to show a client some progress, a very bad look.

Oddly, curl now says the cert is expired:

*   Trying 137.66.63.10...
* TCP_NODELAY set
* Connected to homebasebuilds.com (137.66.63.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

Does anyone from Fly know what might be going on here?

1 Like
3

Hey, I’m experiencing the same.

curl -v https://tracker-server.fly.dev -D - -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 66.241.125.57:443...
* Connected to tracker-server.fly.dev (66.241.125.57) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [236 bytes data]
  0     0    0     0    0     0      0      0 --:--:--  0:00:07 --:--:--     0* LibreSSL SSL_connect: Connection reset by peer in connection to tracker-server.fly.dev:443
  0     0    0     0    0     0      0      0 --:--:--  0:00:08 --:--:--     0
* Closing connection 0
curl: (35) LibreSSL SSL_connect: Connection reset by peer in connection to tracker-server.fly.dev:443

No visibility on it and completely out of the blue.