• I’ve been helping a client set up SSL with GoDaddy for several of his domains that run WordPress. He’s now running the sites on a 40 slot UCC multi-SAN certificate with a single primary domain acting as the main cert and all variations of www and bare domain accounted for.

    But since doing so, when he logs into the WP Dashboard to write posts and upload images, he often, but not always, gets the error “421 Misdirected Request: The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection” in the Safari browser only. He also gets an intermittent JSON error when uploading photos to his site. Some photos will upload and others won’t. All of this happens randomly and without a pattern of frequency from one trial to the next.

    I’ve searched Google for answers, talked to multiple GoDaddy reps, and have done several troubleshooting steps, but nobody seems to have an answer. Nobody can replicate the issue on their machines. It seems to only happen on the blog owner’s side, but it does happen on ALL his devices, even a new iPad Pro.

    Here are some leads I looked at, but that I can’t fully confirm are the cause:

    Vhost Setup Issues
    https://serverfault.com/questions/772901/421-misdirected-request-using-http-2-and-san-ssl#773282

    ISP Issues
    https://serverfault.com/questions/849428/https-showing-cpe-huawei-com-instead-of-my-certificate

    Has anyone else had and solved this issue? Like I said, even GoDaddy is at a loss because they are unable to reproduce the issue on their end.


Viewing 8 replies - 1 through 8 (of 8 total)
  • Hi rcwatson,
    Maybe it is a simple browser caching problem, since a 421 response is cacheable by default.
    Try to clean the browser data or access the web page in an incognito window and see if the response still comes.
    Bruno

    Thread Starter rcwatson

    (@rcwatson)

    Thanks. I should have mentioned that we did clear browser caches like crazy. Also, the issue doesn’t occur in the Private mode of Safari (and not at all in regular or incognito mode of other browsers). It just happens in regular mode in Safari.

    It seems to be a problem with Safari itself. Safari very recently added an Intelligent Tracking Prevention (ITP) system that can be causing the problem.

    If that is the problem, your website users would need to turn off a feature inside Safari known as Prevent cross-site tracking. But unfortunately this can explain the problem but not solve it, since most of your users will have it on.

    If your website uses an authentication service like Google, you can try to disable it, since it can be triggering the ITP.

    Thread Starter rcwatson

    (@rcwatson)

    Thanks, Bruno. I just got info from the client that he tried loading his site as a regular anonymous visitor from an Apple store in another city on multiple devices. He says it’s happening for him there as well. He’s had these sites since around 2009, and the issue began happening shortly after we installed SSL. There isn’t a Google authentication service involved.

    One of the readers wrote and said they were using the Vienna RSS reader app and were able to read the posts fine in that app, but the second they opened the posts in Safari tabs, they got the 421 Misdirected Request error.

    I have been having this issue with iPhone iOS version 12.1.4 only for my site. There is an iOS note of the bug and a fix in 12.2 for it. Is this happening only on iOS iPhone devices?
    Bug Reference Link

    Default SNI clientssl profile’s sni_certsn_hash can be freed while in use by other profiles.

    • This reply was modified 5 years, 6 months ago by milothompson.
    Thread Starter rcwatson

    (@rcwatson)

    Thanks. It happens on Chrome on Windows as well.

    Hi @rcwatson, were you able to resolve the issue? I have the same problem with 4 websites under the same multi-SAN certificate hosted with GoDaddy. The support rep at GoDaddy told me it was a Safari browser issue, but I read that it happens to you on Windows as well?
    GoDaddy recommended buying single license certificates for each site to solve the problem, but that defeats the purpose of owning a multi-SAN certificate.

    Any input is appreciated.

    Thread Starter rcwatson

    (@rcwatson)

    Here’s a post I wrote describing the issue and possible solutions to resolve it. https://webidextrous.com/how-to-solve-421-misdirected-request-errors/
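
Added illustration, not written by any poster in this thread: a small model of the condition the quoted 421 message describes, where a browser reuses an HTTP/2 connection opened for one name on a multi-SAN certificate to request a different name on the same certificate and IP. The hostnames, the IP address and the strict server policy are constructed assumptions, and the thread does not confirm this as the cause.

```python
# Added illustration; hostnames, IP and server policy are constructed assumptions.
from dataclasses import dataclass

SAN = ["example.com", "www.example.com", "blog.example.net", "www.example.net"]  # constructed
DNS = {name: "203.0.113.10" for name in SAN}  # all names on one shared IP (constructed)

@dataclass
class Conn:
    sni: str          # name sent in the TLS ClientHello
    ip: str
    cert_names: list  # SAN entries of the certificate the server presented

def cert_covers(host, names):
    """Exact or single-label wildcard match against SAN entries."""
    host = host.lower()
    for n in names:
        n = n.lower()
        if n == host:
            return True
        if n.startswith("*.") and "." in host and host.split(".", 1)[1] == n[2:]:
            return True
    return False

def client_may_reuse(conn, host):
    """HTTP/2 connection reuse rule (RFC 7540 section 9.1.1): same IP and cert valid for host."""
    return DNS.get(host) == conn.ip and cert_covers(host, conn.cert_names)

def server_status(conn, host, strict_vhosts=True):
    """Assumed server policy: refuse a Host that differs from the connection's SNI."""
    if strict_vhosts and host.lower() != conn.sni.lower():
        return 421
    return 200

def browse(hosts, coalesce=True, strict_vhosts=True):
    """Replay a sequence of requests; return (host, sni_used, status) per request."""
    pool, out = [], []
    for host in hosts:
        conn = next((c for c in pool if c.sni == host), None)
        if conn is None and coalesce:
            conn = next((c for c in pool if client_may_reuse(c, host)), None)
        if conn is None:
            conn = Conn(sni=host, ip=DNS[host], cert_names=SAN)
            pool.append(conn)
        status = server_status(conn, host, strict_vhosts)
        if status == 421:  # RFC 7540 section 9.1.2: client may retry on a new connection
            pool.append(Conn(sni=host, ip=DNS[host], cert_names=SAN))
        out.append((host, conn.sni, status))
    return out

if __name__ == "__main__":
    for row in browse(["example.com", "blog.example.net", "blog.example.net"]):
        print(row)
```

In this model the same request succeeds or fails depending on which connections are already open, so a client that does not reuse connections across names (`coalesce=False`) never sees the 421.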

  • The topic ‘421 Misdirected Request errors’ is closed to new replies.