Welcome to WebmasterWorld Guest from 54.196.73.22

Forum Moderators: Ocean10000 & phranque

After switch to https site throws 500 error on W3.org

site passes other https testers

     
6:55 pm on Jul 31, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 4, 2002
posts: 1882
votes: 3


I've been switching several sites over to https and have run into a problem with W3.org a few times. While the website passes the whynopadlock.com tester (validates https changes) it throws a 500 error on W3.org when I try to validate the code and says the DNS is incorrect. I have contacted the host and they say there is no problem, that the DNS is correct. I've had to ignore this issue on two sites, but then I can't use the W3.org validator. The site works just fine when I check it online in both cases.

Does W3.org have a problem with https on some sites?
10:57 pm on July 31, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12344
votes: 807


Does W3.org have a problem with https on some sites?
Not that I've seen. There may be an issue with the security certificate (cert) you're using. Is the cert assigned to your domain? Or are you using a wildcard cert located at your host? Are you using a CDN (like Cloudflare)?
7:43 am on Aug 1, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1910
votes: 302


Try the new(er) validator: [validator.w3.org...]

Also, run your site through the SSL Labs test [ssllabs.com]. Perhaps your cert chain is incomplete.
4:01 pm on Aug 1, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 4, 2002
posts: 1882
votes: 3


@Keyplyr - yes the Certificate is assigned to the domain. Not a wilcard. No CDN.

@Robzilla - Thanks for the link to the new W3.org validator. I was using the old one.

I've been using another DNS checker recommended by the host (dns.squish.net) and the site passes with an A. However using the one you suggested, the site gets an F. for DNS CAA and chain issues. It doesn't explain what those mean however.

However on all the other OLD sites I've switched over to SSL I had to update the DNS as it changed over the years and won't work with SSL/Https. The tech person I talked to this time said it wasn't a problem being as the DNS passed using dns.squish.net. I asked himm to check it twice to no avail. The site works fine and I can't find anything wrong but could the wrong DNS be the problem?
5:25 pm on Aug 1, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1910
votes: 302


DNS CAA is a new thing and not something to worry about. Also, DNS changes are unnecessary when you switch to HTTPS. The W3 validator is probably misinterpreting the issue, saying it's DNS when it's actually looking like a problem with the certificate chain.

The certificate chain is a bundle of certificates that a client can read through in order to validate your domain's identity, i.e. that you are who you make yourself out to be. Your server hands out a certificate, which is vouched for by an intermediate certificate from your Certificate Authority (CA), which in turn is vouched for by a so-called root certificate. It's important that these certificates are all included and that they are in the correct order, otherwise validation becomes difficult or impossible. The SSL Labs tool should tell you which certificates are in the chain, as well as the order they're currently in.

If you pass that information on to your tech person, hopefully they can fix the problem.
11:19 pm on Aug 1, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 4, 2002
posts: 1882
votes: 3


I sent the info to the Tech person and he said these problems are due to the site being on an old server and needs to be upgraded, so that's what I'm encouraging the owner to do now.

Thanks to everyone trying to help.
5:27 am on Aug 2, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:8568
votes: 671


Let us know if this "happy result" works out.
11:54 am on Aug 2, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Nov 13, 2016
posts:559
votes: 84


I sent the info to the Tech person and he said these problems are due to the site being on an old server and needs to be upgraded,

Beside pushing to buy a new plan, what's the argue that this old server could cause something wrong with the TLS ? May be really-really old hardware with a LOT of sites on it, and not able to compute the encryption?
3:28 pm on Aug 2, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 4, 2002
posts: 1882
votes: 3


Yes, it's on an old server. I redesigned it last time in '05.