Solution for SSL Certifcate not Working 80% of the time Apache
is Given Below:
I am having a problem with
HTTPS on my domain.
Across all browsers on (Linux Desktop), it sometimes loads as
https without the Not Secured Warning or
“Your connection is not private”
on chrome and its other variation on different browsers.
On, mobile IOS 14, Android, and others it is 100% not secured no matter the configuration.
For the records, I am using
PossitiveSSL certificate which isn’t free.
here is a snippet of the relevant
virtual host config
Listen 443 <VirtualHost *:443> ServerName example.co ServerAlias www.example.co ServerAdmin [email protected] DocumentRoot /var/www/example.co/public_html .... SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL SSLHonorCipherOrder on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key SSLCACertificateFile /etc/pki/tls/certs/fashiontex.ca-bundle </VirtaulHost>
For the SSLCipherSuite, I’m not going to exaggerate, I have used over 50 values searching the internet.
and on https://www.ssllabs.com/ssltest/analyze.html?d=fashiontex.co I have gotten ratings of A, B but still, it still doesn’t work even after clearing the cache on both windows, iPhone, and ubuntu.
PS: Before writing this entire post, it was showing not secured, when I was done with the above, I refreshed and it showed without the warning and tried again 10 seconds later and it is the same problem of not secured one more time. Please what am I missing?
It turns out that it was truly the Layer 7 SSL Protection which was enabled that was interfering with requests because it intercepts https requests for DDoS protection.
Depending on your hosting provider, mine recommended switching protection to Sensor Mode unless I am been attacked frequently.
So now it works