2

I co-own a charity forum that gives support to people in crisis (mental health, self harm, suicidal thoughts etc) Our webmaster left in a bit of a snit a month and a half ago and I have been struggling since. This morning suddenly some of my members (not even most, just a portion) are getting an error on the site.

Some IPs are getting the message:

"Your connection is not private Attackers might be trying to steal your information from suicideforum.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID"

And depending on the browser also getting a "403 Forbidden You don't have permission to access / on this server." error.

When those members access the site via a proxy, everything is good. Most people are accessing the site just fine.

I have checked the SSL certificate and all is supposedly good with that (though it is bought/owned by the errant webmaster and we need to buy a new one probably anyway).

Any ideas why some people are getting this error/what it is? And where I even start to find someone to help fix it.

The nature of the site is that we have around 2500 people a month who come to us for support with mental health and suicidal urges and if even a small portion of them are being blocked by something, that is a big concern to me that they won't get helped - and I have already had panic emails from some that they can't reach the site.

Any help or ideas would be massively appreciated.

Louise Helen
  • 21
  • 2

1 Answers1

2

Your web site is not accessible to users who have IPv6, (about a quarter of the US and close to 10% worldwide, and growing) because your DNS records point to an IPv6 address which does not correspond to your server.

suicideforum.com has address 68.233.227.33
suicideforum.com has IPv6 address 2604:4300:b:6::20:2

When testing via IPv4, I can reach your site and get the correct certificate. On IPv6, I reach a completely different site whose SSL certificate claims to be corvuise.me and which serves the Forbidden error you noted.

To resolve the problem, correct your DNS AAAA record so that it has the correct IPv6 address of your server (or remove it, if your server doesn't yet have IPv6).

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • What is your explanation for 403 ?? I am guessing this is nothing to do with SSL but some resource of his app is not having right permissions set? – hagrawal7777 Mar 07 '16 at 23:10
  • @hagrawal Huh? The 403 is irrelevant, because it's on someone else's server! – Michael Hampton Mar 08 '16 at 00:38
  • It will not be someone else's server but their own sucide forum server .. Probably something to do with server trying to access a resource for which it doesn't have appropriate permissions .. But yes it is not related to IP version thing .. – hagrawal7777 Mar 08 '16 at 10:24
  • @hagrawal I'm sorry, but you're mistaken. The user fixed this issue using my directions before you ever said anything. – Michael Hampton Mar 08 '16 at 15:05
  • Buddy, I never meant that I am trying to help the OP with my comments, I wanted to segregate the fact that "NET::ERR_CERT_AUTHORITY_INVALID" has nothing to do with 403 .. – hagrawal7777 Mar 08 '16 at 15:23
  • @hagrawal From her perspective it is already solved. Of course, the SSL error and the 403 are unrelated to each other! But that's completely irrelevant. – Michael Hampton Mar 08 '16 at 15:28
  • If she fixes the "NET::ERR_CERT_AUTHORITY_INVALID" issue then I am sure it wouldn't fix the 403 .. since she has raised the question for both issue so I would prefer not to call 403 as irrelevant .. BTW, I don't think she has confirmed that it is solved - both "NET::ERR_CERT_AUTHORITY_INVALID" and 403, so it is pre-mature to say - "*it is already solved*" .. – hagrawal7777 Mar 08 '16 at 15:38
  • @hagrawal You still do not understand the problem. The SSL error was not on her server to begin with, nor the 403 error! They both were on someone else's server! – Michael Hampton Mar 08 '16 at 15:39
  • Are we really discussing that whether its her server or she co-owns it or its somebody else's server ?? In simple words issue is at server's end, whoever owns it .. Also fact is that 403 is not because of SSL or IPv6 issue .. Also, the fact is that your suggestion is likely to help her fix SSL issue (*only she can confirm I will prefer not to comment*) but not 403 .. – hagrawal7777 Mar 08 '16 at 16:22
  • @hagrawal Please just stop. You do not know what you're talking about. You clearly do not understand the issue. Do not post here again until you have learned enough to understand the problem and its solution correctly. – Michael Hampton Mar 08 '16 at 16:24