chrisbespoke edited a comment on issue #1995: URL: https://github.com/apache/incubator-pagespeed-mod/issues/1995#issuecomment-640418780
> Fecht from pagespeed canĀ“t reach the origin resource. No matter if you can do it via curl or a browser. To fecht an https resource, pagespeed need to have ModPagespeedFetchHttps enabled, but this need to be done with the apropiate certificates, same as a browser need the CA certificates to evaluate the web server certificates. That was the problem! Checking with a tool like SSLlabs.com, I could see that although the main website certificate was valid, the CA certificate had expired! It's an issue with Sectigo / Comodo certificates: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 Renewing the certificate fixed all the 404s :) > This is acomplised by enabling ModPagespeedSslCertDirectory directory and ModPagespeedSslCertFile file as stated in the [doc](https://www.modpagespeed.com/doc/https_support#configuring_ssl_certificates) > Read the doc and take account the differences between a RedHat/Centos and Ubuntu/Debian distros. Oddly, the file referenced in `ModPagespeedSslCertFile` doesn't exist (We're on CentOS) but it doesn't seem to cause a problem since I renewed the CA certificate. It doesn't change behaviour if I point it to the files that do exist (ca-bundle.crt, ca-bundle.trust.crt, localhost.crt), so I guess it doesn't matter. > In these message you have posted 2 domains Ah yes, sorry, bad anonymisation of log messages ;) There was only one domain. > The request that have the message > `<!--The preceding resource was not rewritten because its domain (www.somewebsite.com) is not authorized--><!--The preceding resource was not rewritten because its domain (www.somewebsite.com) is not authorized-->` > So you need a ModPagespeedDomain http*://*.somewebsite.com Even now the CA issue has been fixed, I still see those "is not authorized" errors in the debug output whether I set `ModPagespeedDomain` correctly or not (it makes no difference) but only for the requests in the `<head>`, not the `<body>` ? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
