Page loads over HTTPS only after apache timeout. Works fine on HTTP

by Yamraj   Last Updated January 03, 2018 06:00 AM

We are using a LAMP stack to deliver our website. When I use http to access this website, the page loads almost instantaneously. When I use https to access the site, then the page takes a long time to load. What I realised is that the load happens after the timeout that has been set in the apache.conf file. If I change the timeout value to say 12 seconds, then the page loads after 12 seconds (I've used chrome dev tools to check). The certs are fine and I've used them on other domains. There is something about this site setup that causes the timeout to occur first and then it loads the page (and only over https!). This happens with both self signed and GoDaddy certs so I don't think this is a cert problem.

We are using laravel for the site.

I've tried disabling SSLCertificateChainFile in the vhost and that doesn't make any difference. My vhost looks like:

<VirtualHost *:443>
ServerName myserver.mydomain.com
ServerAlias myserver.mydomain.com
DirectoryIndex index.php
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /root/apache-keys/mycert.crt
SSLCertificateKeyFile /root/apache-keys/mykey.key
SSLCertificateChainFile /root/apache-keys/mybundle.crt
<Directory "/var/www/html">
   Options FollowSymLinks
   AllowOverride All
   Require all granted
</Directory>
</VirtualHost>

There are other sites (different vhosts for different subdomains) hosted on this server. The vhost for each follows the same pattern as this one (*:443) and they are all in different .conf files. Most of them have self-signed certs while one of them shares the cert with this site (the cert is a wildcard cert). Changing the cert to a self-signed one didn't help either. Neither did disabling the other site that shares the same cert.

The error.log shows the below for some of the other sites:

[Wed Jan 03 08:07:03.067875 2018] [ssl:warn] [pid 1328] AH01909: RSA certificate configured for othersite1.mydomain.com:443 does NOT include an ID which matches the server name
[Wed Jan 03 08:07:03.068056 2018] [ssl:warn] [pid 1328] AH01909: RSA certificate configured for othersite2.mydomain.com:443 does NOT include an ID which matches the server name

The browser shows that the landing page loads a little after timeout seconds. If the timeout is set to say 10 seconds, then the browser spins for this long and then takes a couple of seconds additional to load the page (say around 11.6 seconds). This is the landing page and then the other components of the page load within a few seconds. If I change the timeout to 20 seconds, then the page will load after about 22 seconds. The header is:

curl -I https://mysite.mydomain.com/landing-page
HTTP/1.1 200 OK
Date: Wed, 03 Jan 2018 05:37:20 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.21
Cache-Control: no-cache
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik9SOUNYTWtwdjBaK3NkeGlDeE4ySWc9PSIsInZhbHVlIjoiSklhY3pDcEVoc296XC9QbDl6SWsxRzVwY09WbW1hSjR1M0lPb2pkdFV4c1N6ZkdaZmtZMjVoUXRtSXdHc2RzeVVwUlozdCtUU2dORDlpMkZTTWNrY0xRPT0iLCJtYWMiOiJmYTA3ZDg4NTNlNjUzNGVhZmFmN2IzZTE5N2YwMTkwMzA5MzVhODcwMTllYjlhNDVhMTQ0MzZkNjM0ZGUyZjBhIn0%3D; expires=Wed, 03-Jan-2018 07:37:33 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6ImRzYzR4YlBBSlNJT0NvTmIzbFVtbGc9PSIsInZhbHVlIjoiTW1VMkZVY1BOMUNPM0E3d3lNWDF5Wk8zTzhhNmtqZFNna2lDa2g4M3YzTmtBOCt3cVwvQmV4ejNtbTBCQ0NGTE1ObVZvUVZTWkFcL29aTG1YcHIwTGFCQT09IiwibWFjIjoiMWY5YjEyMzNiMjNjMWVkYjdiZjFjM2E5OTYzMDY3MzE5NTQ2MGVkZDk5YWE1MDExYzIyMDJiZmI5NzM5Njk5YSJ9; expires=Fri, 27-Dec-2047 05:37:33 GMT; Max-Age=946080000; path=/; httponly
Content-Type: text/html; charset=UTF-8

I've checked the site in ssllabs.com and there are no issues with the certs.

Apache version is 2.4.7. The output of apache2ctl -S shows that this site is the default server for both port 80 and port 443. I've also added the NameVirtualHost directive to this conf file.

Any help is much appreciated. Please let me know if any additional information is required.



Related Questions



Nginx HTTP to HTTPS redirect is not working

Updated June 12, 2017 15:00 PM

Apache won't redirect HTTP to HTTPS

Updated December 11, 2017 23:00 PM

mod_firehose for Apache 2.2?

Updated July 11, 2015 13:00 PM