Error: Cannot connect using TLS
aradalvand opened this issue · 5 comments
I'm trying to submit my site (amademy.com) at hstspreload.org, but I keep getting the following error:
Error: Cannot connect using TLS
We cannot connect to https://amademy.com using TLS ("Get "https://amademy.com\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)").
This can't be a duplicate of #43 because I'm not using IPv6 at all.
I also tested the site with testlocal.ly — see the results — which confirmed that the website is in fact accessible from San Francisco and various other locations.
But the site itself is hosted in Iran, and I also tested other Iranian websites (e.g. digikala.com, aparat.com), it yields the same error:
I also tried the hstspreload command-line tool, I get this output:
Even though the preloadabledomain command confirms that the site meets the requirements:
What is going on? Thanks in advance.
You do seem to be using this correctly! Sometimes there are issues with a CDN like Cloudflare blocking certain user agents or IPs by default — any chance the site might be using one of those?
@christhompson or @agl, is this something you'd be able to debug in Google Cloud?
Hi @lgarron, thank you for the response.
I'm not sure about the other websites (digikala.com, aparat.com) but mine isn't using a CDN or any kind of a proxy, for that matter, in front of the main server. The DNS A record points directly to the IP of the server.
So, that can't be the problem, I don't think.
This appears to be an issue where GCP is blocking access to the IP addresses for those domains.
This appears to be an issue where GCP is blocking access to the IP addresses for those domains.
Strange... Why would it do that?
Strange... Why would it do that?
It appears GCP blocks Iranian IP addresses. I don't know why GCP blocks Iranian IP addresses.