Why won't my site stay verified?

If you've added a site and followed the verification instructions, but the site still won't verify, there is some kind of communication issue. Somewhere between our servers and your site is a problem that prevents SiteDash from reading information from your site.

There are a few common issues we see regularly:

• SSL Certificate Chain missing intermediate certificate. When serving your site over HTTPS, there is a "chain" of certificates. There's the certificate specific to your site on one end, a trusted root certificate at the other end, and one or more intermediate certificates in the middle.
  
  Browsers are forgiving about missing certificates, and will automatically attempt to download them. This means your site may work fine over HTTPS, however, server-to-server communication (like from SiteDash) is going to fail.
  
  To check if this is the case enter your domain name at What's My Chain Cert. That third-party service instantly shows if your server is providing a full chain or if intermediates are missing. If intermediates are indeed missing, add those to your SSL certificate.
• Incorrect file permissions. In some cases the assets/components/sitedashclient/ path or the pull.php file within it (or assets/components/ or assets/) is set to the wrong file permission and access to it is blocked by the webserver configuration.
  
  To test if this is the case, try accessing assets/components/sitedashclient/pull.php from the browser. If that shows a not found, bad request, or permission denied error it is likely to be a file permission issue. The right permission depends on the server, but typically 0755 for directories and 0644 for files.  
• Blocked by firewall or proxy. Most servers have some form of firewall (WAF) to offer an extra layer of security, which may be installed on the server itself or provided as a proxy (such as CloudFlare). Some are configured more strictly than others, and can block the requests from SiteDash.
  
  If there is indeed a firewall or proxy configured, we suggest whitelisting our worker server IPs or to reduce its sensitivity for the assets/components/sitedashclient/ path.
  
  While strict mod_security rules are well known to cause issues with the MODX manager, we rarely see that interfering with SiteDash. If you have experienced issues dealing with mod_security, it is worth a quick glance at the log to make sure that's not the culprit.
• MODX installed in a subdirectory. If the site is not in the root of the domain, SiteDash sometimes gets the path wrong and we'll need to manually correct that for you.

If a site was previously verified, you can trigger a re-verification from the dashboard when viewing the site in Sites > Unverified Sites > Verification Instructions. Doing so will show you the generic error message for the verification, which may contain a non-200 status code:

• 401 with message invalid authentication: this means the keys we have on-file do not match the site. Re-install the client from the manager, providing the site key, to trigger a fresh key exchange.
• 404, 403 without a message: most likely incorrect file permissions or installed in a subdirectory, see above.
• 415: most likely a firewall block, see above.
• 50x: suggest an issue on your server, please check your servers' PHP error log for details.

You may also see:

• cURL error 60: SSL certificate problem: unable to get local issuer certificate: this indicates the used SSL certificate is invalid. Perhaps it's a self-signed certificate? This may also be an indication of a missing intermediate certificate, see the first item above.
• cURL error 28: Operation timed out after 30001 milliseconds with 0 bytes received: this indicates the process took too long. If you're seeing this on regular refreshes/verifications, there's a decent chance it's taking too long to check the health of a really big session table. Try again after clearing the sessions.
• cURL error 28: Connection timed out after 10001 milliseconds: this indicates SiteDash fails to connect to your server. This is almost always a firewall, CDN, or proxy that's actively blocking the requests from SiteDash.

Depending on the exact error we may have additional information in our internal logs. We're happy to take a look and perform additional tests  to help identify the problem. To get started debugging issues like this, please send us an email with the site domain and site key.