
Broken SSL Certificates

I'm dealing with a situation that has caused me to hit a wall and I would ask that you bear with me on this so that I can give enough information for the community to help.

 

We have a local shuttle service that runs between Halifax, Nova Scotia and Sydney, Nova Scotia; the name of the business was Scotia Shuttle. Originally, a friend of the family had set up a domain for us, scotiashuttle.ca, several years ago, although the site wasn't all that good; this website was built using the WIX website builder. This year, we changed our name to Nova Shuttle and thought this would be a good opportunity to revamp the website. I volunteered to build the site using Weebly.com; I did this as I was familiar with using Weebly, but not WIX. The domain novashuttle.ca had already been registered by a friend with another registrar, so I transferred the domain to GoDaddy, where I have my accounts, and verified that it is now with GoDaddy.

 

Once the new novashuttle.ca website was ready, I logged into the GoDaddy account for scotiashuttle.ca and forwarded (301 redirect) the domain to novashuttle.ca using http://novashuttle.ca. After giving it a bit of time, I opened MS Edge and typed the URL scotiashuttle.ca, and it worked fine. I tried a couple of other browsers and they also worked. I did notice that two A records updated automatically in GoDaddy after doing the site forwarding; I didn't recognize these IPs.

 

A few days later I was notified that some customers were having trouble accessing the website. Upon further investigation, I realized the issue was related to the Google Search. Here were my findings:

- Typing scotiashuttle.ca in the URL field caused an immediate redirect to novashuttle.ca; this was the case across multiple browsers, so the scotiashuttle.ca domain was forwarding to novashuttle.ca.
- Searching "Scotia Shuttle" from Google.com produced a result showing "Scotia Shuttle" with "Nova Shuttle" directly under it, but the links were giving a warning that the site was not safe, so it seemed that the problem was residing with the Google Search. At other times I would get a notice that the site couldn't be reached.
- Searching "Scotia Shuttle" from Bing.com caused a large box with "Scotia Shuttle" to come up with a button showing "website"; clicking the website button successfully takes you to novashuttle.ca.
- Typing https://scotiashuttle.ca causes a warning, or the URL times out and is never able to arrive at the novashuttle.ca site.

 

In cases where I was getting the warning of an unsafe site, I would click "Take me anyway" and it would arrive at novashuttle.ca successfully. There was a notice in the warning stating that there was something wrong with the SSL certificate.


I went to SSL Labs and typed in scotiashuttle.ca and it failed; it was showing both the IPs from the A records and stating "Unable to connect to the Server". I have no idea what these IPs in the A records are pointing to.


I called GoDaddy and they told me that the problem resided with the website host server and that they would need to fix it from their end.


I contacted Weebly.com and they told me that GoDaddy was incorrect and there was nothing they could do as they couldn't access the DNS Records so it would have to be taken care of by GoDaddy.

 

At this point, I don't know what my next move is so any advice is welcome.

Message 1 of 6

Hey @novashuttle2021 - I'm a pretty avid web developer nowadays and have dealt with DNS a few times. SSL is one of those things that has to be set up a very specific way - I'm going to do a few WHOIS DNS checks and see what comes back - I'll notify you of updates here : )

Matt - He/They
Sign in and click Mark as Best Answer if my reply answers your question!
mjdws
Shop MJD Photography
Visit MJD Web Services
Message 2 of 6

Ok @novashuttle2021 - I believe I have located the problem!

 

scotiashuttle.ca:

- You have A records on scotiashuttle.ca which direct to 15.197.142.173 and 3.33.152.147 - Both owned by Amazon Web Technologies - are these linked to AWS?

- You have no CNAME records which would be used to complete the acme challenge to sign the SSL 

 

novashuttle.ca:

- You have the correct A record to 199.34.228.163 property of Weebly Inc. 

- You once again have no CNAME records meaning Square/Weebly can't sign an SSL as they can't ensure the security of this domain or access the correct DNS - CNAMEs must be set for SSL registrars to sign an SSL certificate to a domain.

 

Ways to fix this...

Add CNAMEs to the DNS records to point to the correct SSL server (not sure what the exact server is - Square support should be able to help you here: https://squareup.com/help/ca/en/contact?panel=FAB456B04971)

 

Alternatively there may be a way to transfer the domains to Square so everything will be set up!

 

Please note: ALL DNS RECORDS CAN TAKE UP TO 72HRS TO CHANGE. 

 

Please further note: IT MAY TAKE A FURTHER 24HRS FOR SSL TO POPULATE.

 

If this helps please mark it as best answer - I'd also appreciate you contacting me in case I actually just can't see your CNAME records when I dig the domain due to a proxy or anything similar - I'll send you a private message now!

Matt - He/They
Message 3 of 6

Right @novashuttle2021

An update from my internet explorations...

I have tested things and novashuttle.ca now definitely has SSL!

scotiashuttle.ca is pointed to Amazon AWS - I don't know if you're maybe trying to use Route 53?

scotiashuttle.ca needs to be assigned as an alias to novashuttle.ca - do GoDaddy have a redirect option?

I have domains with DynaDot, Namecheap, NamesCo and Register - most of which I think have the option to redirect the domain to follow another domain - alternatively you could try a PHP document on a server somewhere so that when visited, it redirects upon load!

 

Here's an article from GoDaddy that I found that may help you: https://uk.godaddy.com/help/forward-my-domain-12123

 

Here's the code for PHP if you decide it is more appropriate to take that route: 

 

<?php
// Send a permanent (301) redirect to the new site, then stop the script
header('Location: https://novashuttle.ca/', true, 301);
exit;

That code should be applied on a server with scotiashuttle.ca as the domain - it will then run the PHP and redirect the user to novashuttle.ca - I can help you if this is what you choose to do : )

 

If this helps, please mark my replies as best answer to help others in the future!

Matt - He/They
Message 4 of 6

The code above basically performs the same as what the redirect would from GoDaddy : )

Matt - He/They
Message 5 of 6

Thanks MJDPhotography, I'll check into this and get back to you. Thanks for all the help.

 

Message 6 of 6
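An added example, not written by anyone in this thread: a Python check that separates the symptoms reported above (plain http:// forwarding works, https:// links either time out or show a certificate warning) by probing port 80 and port 443 of a host independently. The function names and finding labels are assumptions made for this example; the host is passed on the command line.

```python
import http.client
import socket
import ssl
import sys

REDIRECTS = (301, 302, 307, 308)

def probe_http(host, timeout=5.0):
    """HEAD / over plain HTTP without following redirects -> (status, Location)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)
    finally:
        conn.close()

def probe_tls(host, timeout=5.0):
    """Verified TLS handshake on port 443 -> (state, detail)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                sans = tls.getpeercert().get("subjectAltName", ())
                return "ok", ", ".join(v for k, v in sans if k == "DNS")
    except ssl.SSLCertVerificationError as exc:
        return "cert_invalid", exc.verify_message
    except OSError as exc:  # timeout, refused, DNS failure, other TLS errors
        return "no_tls", str(exc)

def diagnose(http_result, tls_result):
    """Combine both probes into one finding label (labels are this example's own)."""
    status, location = http_result
    forwards = status in REDIRECTS and bool(location)
    state = tls_result[0]
    if state == "ok":
        return "https_ok"
    if state == "cert_invalid":
        return "https_cert_warning"    # browsers show the "not safe" page
    if forwards:
        return "http_only_forwarding"  # http:// redirects, https:// links fail
    return "site_down"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    h, t = probe_http(host), probe_tls(host)
    print(host, h, t, diagnose(h, t))
```

A result of `http_only_forwarding` or `https_cert_warning` on the forwarded domain means the forwarding endpoint needs a valid certificate for that name before https:// links to it will work.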