BlueHost and SSL
Last Wednesday 10/18/06 the site I work for was experiencing some outages. It would be unavailable to us for 15-20 minutes at a time. Then it would spring back up and go down again randomly. The first time it happened we didn’t think to much of it, but as it continued happening we decided it would be bad for business if a customer was contemplating a purchase and click the ‘more info’ button or worse yet if they were in the middle of the checkout process and the site returned unavailable. So, we contacted BlueHost about this issue. I got on the phone and explained to them that this up and down time had happend in the past, and our concerns about it hurting our business and asked if there was something they could do. He said that we were currently on an ‘older’ box and that he would suggest perhaps sending an email to the support group asking them to place us on a newer and less issue-prone server. I sent the email and the next day received a reply that our site had been switched over. This was great news and I continued work as usual. The site seemed to be doing well. I’m constantly on the site updating different things and noticed nothing was wrong. Little did I know there was a big issue I hadn’t come accross yet.
So on Monday 10/23/06, in an effort to streamline our checkout process I was asked to ‘be the customer’ and place and order to see if there were areas we could cut down on clicks and overall intuitiveness of the process. As I added things to my cart all seemed well enough. Then I clicked the ‘checkout’ button and thats when it failed and the problem was discovered. The redirect to our secure server failed on an endless redirect loop and there was no way to proceed through the checkout process past adding products to your cart.
I would later find out that while they did switch our site over to the new box, they neglected to carry over our dedicated IP which is necessary for the SSL certificate. They also didn’t re-install the SSL certificate on the new server (which would have been impossible without the dedicated IP which would have led them to get that straightened out). From what I understand from all of this is that our webpage was trying to redirect to the secure site and the realizing there was a problem was redirecting back to itself and then looping through that a few times until the browser decided it had enough and timed out. This my friends, is NOT a good thing for business. We can only assume that this issue had been going on since that fateful Thursday when the site was moved to the other box and thats quite a few days of missed business.
So what now? Well, the first time I called they said I had something wrong in my code… which was untrue and I knew that because I handn’t touched any of my code since then so nothing had changed. After a bit more research they discovered the above, that the IP address had not been carried over. So, they installed it… but that takes 24-48 to make its way through the DNS so now our site is completely down, unless you happen to know our new IP address which I’m pretty sure our customers were not aware of. But, so be it, if that’s what it takes then thats cool. This morning however it was up but the checkout process was still jacked… though this time without the redirect. So I call back again, and they explain that, oh yeah, the IP address is cool, but they need to install the SSL certificate. As we speak my support email with my SSL key is making it’s way through their support chain. I sure hope this is the end of our issues.
A word to the wise. Make sure you get all your ducks in a row and ask the right questions if you’re switching boxes. You’re going to need all your stuff for your site to work, so don’t let them just carry over part of the site.
And as for us, were setting up testing schedules so that issues like this won’t go un-noticed for days at a time.
Ah, live and learn.