After switch to https site throws 500 error on W3.org

Forum Moderators: phranque

Message Too Old, No Replies

After switch to https site throws 500 error on W3.org

site passes other https testers

Lorel

6:55 pm on Jul 31, 2018 (gmt 0)

I've been switching several sites over to https and have run into a problem with W3.org a few times. While the website passes the whynopadlock.com tester (validates https changes) it throws a 500 error on W3.org when I try to validate the code and says the DNS is incorrect. I have contacted the host and they say there is no problem, that the DNS is correct. I've had to ignore this issue on two sites, but then I can't use the W3.org validator. The site works just fine when I check it online in both cases.

Does W3.org have a problem with https on some sites?

keyplyr

10:57 pm on Jul 31, 2018 (gmt 0)

Does W3.org have a problem with https on some sites?

Not that I've seen. There may be an issue with the security certificate (cert) you're using. Is the cert assigned to your domain? Or are you using a wildcard cert located at your host? Are you using a CDN (like Cloudflare)?

robzilla

7:43 am on Aug 1, 2018 (gmt 0)

Try the new(er) validator: [validator.w3.org...]

Also, run your site through the SSL Labs test [ssllabs.com]. Perhaps your cert chain is incomplete.

Lorel

4:01 pm on Aug 1, 2018 (gmt 0)

@Keyplyr - yes the Certificate is assigned to the domain. Not a wilcard. No CDN.

@Robzilla - Thanks for the link to the new W3.org validator. I was using the old one.

I've been using another DNS checker recommended by the host (dns.squish.net) and the site passes with an A. However using the one you suggested, the site gets an F. for DNS CAA and chain issues. It doesn't explain what those mean however.

However on all the other OLD sites I've switched over to SSL I had to update the DNS as it changed over the years and won't work with SSL/Https. The tech person I talked to this time said it wasn't a problem being as the DNS passed using dns.squish.net. I asked himm to check it twice to no avail. The site works fine and I can't find anything wrong but could the wrong DNS be the problem?

robzilla

5:25 pm on Aug 1, 2018 (gmt 0)

DNS CAA is a new thing and not something to worry about. Also, DNS changes are unnecessary when you switch to HTTPS. The W3 validator is probably misinterpreting the issue, saying it's DNS when it's actually looking like a problem with the certificate chain.

The certificate chain is a bundle of certificates that a client can read through in order to validate your domain's identity, i.e. that you are who you make yourself out to be. Your server hands out a certificate, which is vouched for by an intermediate certificate from your Certificate Authority (CA), which in turn is vouched for by a so-called root certificate. It's important that these certificates are all included and that they are in the correct order, otherwise validation becomes difficult or impossible. The SSL Labs tool should tell you which certificates are in the chain, as well as the order they're currently in.

If you pass that information on to your tech person, hopefully they can fix the problem.

Lorel

11:19 pm on Aug 1, 2018 (gmt 0)

I sent the info to the Tech person and he said these problems are due to the site being on an old server and needs to be upgraded, so that's what I'm encouraging the owner to do now.

Thanks to everyone trying to help.

tangor

5:27 am on Aug 2, 2018 (gmt 0)

Let us know if this "happy result" works out.

Dimitri

11:54 am on Aug 2, 2018 (gmt 0)

I sent the info to the Tech person and he said these problems are due to the site being on an old server and needs to be upgraded,

Beside pushing to buy a new plan, what's the argue that this old server could cause something wrong with the TLS ? May be really-really old hardware with a LOT of sites on it, and not able to compute the encryption?

Lorel

3:28 pm on Aug 2, 2018 (gmt 0)

Yes, it's on an old server. I redesigned it last time in '05.