Problems accessing a specific web site

Graeme snipped-for-privacy@nospam.demon.co.uk> posted

I can see it. I would guess that it's ISP related; your ISP is blocking the web site, or perhaps a range of IP addresses that includes the web site. Ask the other people who can't see it which ISP they are using.

Algernon Goss-Custard snipped-for-privacy@nowhere.com posted

I should have added: Or the web site itself could be rejecting HTTP requests originating from a particular IP range.

I can see it here as well. So it has to be something else like nameservers not having it or deliberate blocking or perhaps its doing some IP checking and pretending its not there to some addresses. Can you ping it? Brian

One other suggestion.

In a Windows DOS prompt run

nslookup

This should tell you that the site's IP address is 80.82.119.4

If it doesn't, there's a problem with the DNS (domain name service) server that your ISP uses.

If it does, try browsing to https://80.82.119.4 and try pinging 80.82.119.4

Works just now (within the UK). So it's not expired from the root DNS servers. The whois record shows that the registrar registration has expired:

Updated Date: 2020-12-28T12:15:36 Creation Date: 2001-12-27T10:12:38 Registrar Registration Expiration Date: 2022-12-27T10:12:38

The domain owner needs to get onto Easyspace and sort it out...

Was it definitely saying the certificate had expired, or could it have been some other certificate related message such as issuer not trusted, or certificate name doesn't correspond to server hostname?

If you view the site's certificate info (varies per browser, usually via the padlock) what does it say?

DNS entries are cached. in time all the other caches will expire. As far as I can tell it is now up to speed

The domain authority record is 24 hour expiry,but the A records are two days, so you might have to wait that long before whatever upstream DNS server you use clears and reloads its cache...

Its security certificate was reissued November 2020 and will expire in March, so i cant see that as a problem

Firefox detected a potential security threat and did not continue to

80.82.119.4. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

No, in an age of named sites the IP address alone no longer works

Er. Look again carefully...

...Updated Date: 2020-12-28T12:15:36 ...its just *BEEN* updated... ...Registration Expiration Date: 2022-12-27T10:12:38...for another *two years*.

The change simply hasn't caught up yet...for some people.

In message <rsf1ok$veg$ snipped-for-privacy@dont-email.me, The Natural Philosopher snipped-for-privacy@invalid.invalid writes

Thanks for all the comments. I can now access the site normally, and the webmaster explained that the renewal had been paid on time, but presumably due to Christmas, the actual renewal was a little late. The actual renewal then took time to filter through, but now all appears to be well.

I get

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to

If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

uses an invalid security certificate.

The certificate is not trusted because it is self-signed.

This domain name has expired

It has likely got an expired certificate and is using https: certificate seems to be good to 2/2/21 so maybe a temporary glitch was preventing some of you fetching it. FWIW don't see any faults right now.

I had the same issue with BCSS hosting for cactophile wbesites in November when the autorenewal on the security certificates failed.

Paranoid settings fault anything like that since there is a potential man in the middle attack going on. I reckon https tends to be a bit of a liability on hobby sites where no financial transactions occur.

All "Lets Encrypt" certs are short-lived, to encourage automatic renewal.

But it looks like the site owner left it until the last minute to renew the domain registration and came a cropper, it's easy to pay years ahead in most TLDs.

yes. renewal should be automatic but it does mean you have to open port

80 access as well as the HTTPS port. if you dont it's hard to renewew te certs. Which has nothiubg to do with this site, which does have a current security certificate and if you access it the proper way, it doesn't throw an error

Too many 2's, 12's 27's and 28's ...

Unusual these days for DNS changes to take so long. Still depends on the cache timeouts of course but they seem to be much shorter in general than they used to be, hour's or less rather than days.

Mmm. This isn't actually strictly a DNS timeout. Its that the whole NAME doesn't have an entry anywhere in the world, not that a given entry is 'stale'

In message snipped-for-privacy@mid.individual.net>, Rod Speed snipped-for-privacy@gmail.com writes

Site access is only restricted to members, rather than location. Members with access are all over the world, particularly the Colonies.

This is where a browser set up for what the media call the dark web can come in handy. I do not know what is out there these days, since I have no good reason to visit such sites. Brian

Sounds a little sloppy on behalf of the company. I know its only model trains, but what if it was some big international company who rely on their site? Brian