2 domains on the same Apache server

I don't know off-hand. Something seems fundamentally wrong with your Apache or openssl setup. I think "SSLProtocol all" allows Apache to start but does not enable any protocols which is why SSL Labs fails. It means "all possible" but I think none work.

This is not really a Let's Encrypt problem but a general Apache install issue. I am not the best person to help with that. Perhaps another volunteer will help or try stackoverflow.

But, I would start by checking your openssl setup and version. It is what Apache mod_ssl relies on to provide those protocols.

openssl version

The OpenSSL version is 1.0.2g, 1 Mar 2016

Maybe there's another SSLProtocol directive in your config.

grep -ir SSLProtocol /etc/apache2


No, the only SSLProtocol directive is in ssl.conf

But I'm wondering if there is a mismatch between the protocols that Apache version 2.4.18 supports (e.g., not SSLv2) and the protocols that OpenSSL version 1.0.2g provides.

Apache will, at least, start up with

SSLProtocol TLSv1 TLSv1.1 TLSv1.2

but the SSL Labs Server test cannot connect to it.


Please show the details of the "fail".


Please show output again:
apachectl -t -D DUMP_VHOSTS
OR
apachectl -S


apachectl -S

[Sat Apr 09 06:42:11.062841 2022] [ssl:warn] [pid 8122:tid 139788084565888] AH02532: SSLProtocol: Protocol 'TLSv1.1' overrides already set parameter(s). Check if a +/- prefix is missing.
[Sat Apr 09 06:42:11.063002 2022] [ssl:warn] [pid 8122:tid 139788084565888] AH02532: SSLProtocol: Protocol 'TLSv1.2' overrides already set parameter(s). Check if a +/- prefix is missing.
VirtualHost configuration:
*:80 is a NameVirtualHost
default server outriders.org (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost outriders.org (/etc/apache2/sites-enabled/000-default.conf:1)
alias www.outriders.org
port 80 namevhost www.lewlasher.com (/etc/apache2/sites-enabled/lewlasher.conf:1)
alias lewlasher.com
*:433 is a NameVirtualHost
default server outriders.org (/etc/apache2/sites-enabled/000-default.conf:33)
port 433 namevhost outriders.org (/etc/apache2/sites-enabled/000-default.conf:33)
alias www.outriders.org
port 433 namevhost www.lewlasher.com (/etc/apache2/sites-enabled/lewlasher.conf:33)
alias lewlasher.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33

SSL Labs test:

Assessment failed: No secure protocols supported

https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol

With openssl 1.0.2g I'd go for

SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1

If that doesn't work, try

SSLProtocol             all -SSLv3

But in that case, you should upgrade your machine.

Does anyone else see this?:

HTTPS normally runs on 443 (not 433)

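The two things this thread turned up, the AH02532 warnings from a bare protocol list (each unprefixed name replaces the set built so far, so `SSLProtocol TLSv1 TLSv1.1 TLSv1.2` leaves only TLSv1.2 enabled) and an SSL vhost bound to 433 instead of 443, can both be caught before restarting Apache. The Python below is an added example, not code from the thread or from Apache: it reimplements mod_ssl's SSLProtocol folding rules and lints a constructed config snippet; the list of protocol names is an assumption about a current 2.4 build.

```python
import re

# Assumed protocol names for a current Apache 2.4 mod_ssl; the thread's OpenSSL 1.0.2g has no TLSv1.3.
PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

def effective_protocols(args):
    """Fold an SSLProtocol argument list the way mod_ssl does: '+name' adds,
    '-name' removes, 'all' expands to every known protocol, and a bare name
    REPLACES the set so far (mod_ssl logs AH02532 when that clobbers earlier tokens)."""
    enabled, warnings = set(), []
    for tok in args.split():
        action = tok[0] if tok[0] in "+-" else ""
        name = tok[len(action):]
        names = set(PROTOCOLS) if name.lower() == "all" else {name}
        if not names <= set(PROTOCOLS):
            raise ValueError(f"unknown protocol in SSLProtocol: {tok}")
        if action == "-":
            enabled -= names
        elif action == "+":
            enabled |= names
        else:
            if enabled:
                warnings.append(f"AH02532: Protocol '{name}' overrides already set "
                                "parameter(s). Check if a +/- prefix is missing.")
            enabled = names
    return enabled, warnings

def lint_config(text):
    """Report SSLProtocol pitfalls and SSL-enabled vhosts bound to a port other than 443."""
    findings, port = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if m := re.match(r"<VirtualHost\s+(\S+)>", line, re.I):
            pm = re.search(r":(\d+)$", m.group(1))   # port of the enclosing vhost
            port = pm.group(1) if pm else None
        elif re.match(r"SSLEngine\s+on$", line, re.I) and port not in (None, "443"):
            findings.append(f"line {lineno}: SSLEngine on in a vhost on port {port}; HTTPS normally uses 443")
        elif m := re.match(r"SSLProtocol\s+(.+)", line, re.I):
            enabled, warns = effective_protocols(m.group(1))
            findings += [f"line {lineno}: {w}" for w in warns]
            if not enabled:
                findings.append(f"line {lineno}: no protocol left enabled")
            elif enabled & LEGACY:
                findings.append(f"line {lineno}: legacy protocols enabled: {sorted(enabled & LEGACY)}")
    return findings

# Constructed sample mirroring the thread: bare protocol list plus the 433 typo.
SAMPLE_CONFIG = "<VirtualHost *:433>\nSSLEngine on\nSSLProtocol TLSv1 TLSv1.1 TLSv1.2\n</VirtualHost>\n"
```

Running `lint_config(SAMPLE_CONFIG)` reproduces the thread's two AH02532 warnings and flags the 433 vhost; feed it the text of your own ssl.conf to lint that instead.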

LOL Too Funny. I did not see that.

Some of the errors still don't make sense but 433 needs fixing for sure.


Sorry for my delay in getting back. I decided to take yesterday off, and go out of my apartment, and, in fact, go out of town for the day. I got back late last night, and made sure that I was fully rested before coming back to this big SSL enigma facing me, so that I could apply my full attention to the intricate task of correcting my typo. (Full disclosure: earlier this week I had to change "TSL" to "TLS" in ssl.conf ...)

Many thanks, especially to rg305 and MikeMcQ, but, really, to everyone who has participated in this crowd-sourced debugging.


And, now that I realize how easy it is to get HTTPS working, maybe I'll go on to my lifetime dream of setting up postfix/dovecot ...

