Adding an api to the site

Brian55 · April 6, 2020, 9:16am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: admin.phillipmorrison.com

I ran this command: Logged in using /login

It produced this output: SSL_ERROR_RX_RECORD_TOO_LONG

My web server is (include version): Linode Server-Ubuntu-18.4

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

My problem is: the certificate is working fine on site, but I have added an api to the backend which is running on a different port. I copied the nginx page that the cerbot changed when adding the ssl and then changed the server name and port. Then set it up as a new service in systemd. It would seem this is not the right thing to do?

9peppe · April 6, 2020, 9:20am

This website works. What's the api address?

JuergenAuer · April 6, 2020, 9:43am

Hi @Brian55

your error says: Your port is a http port, not a https port.

Connecting http via the https protocol - that's this error.

See

https://community.letsencrypt.org:80/

same error message: SSL_ERROR_RX_RECORD_TOO_LONG

So your configuration of that port is wrong.

Brian55 · April 6, 2020, 10:18am

admin.phillipmorrison.com:6200/api

JuergenAuer · April 6, 2020, 10:23am

That port

isn't visible (but that's not required).

It's a http port. So compare the vHost configuration with your working port 443 vHost and fix it.

Brian55 · April 6, 2020, 10:25am

So is it not the correct thing to just copy the nginx server and change the port and server name.
Does the ssl work for both?
If so, where is it loosing the certificate?

9peppe · April 6, 2020, 11:59am

It strictly depends on what you copied.

You should probably read and try to understand what you want to copy. Start from this page: https://nginx.org/en/docs/http/ngx_http_ssl_module.html

Brian55 · April 6, 2020, 3:24pm

I think my question was misleading. I really just need to know how to get the certificate to be accepted on both ip addresses in nginx?

9peppe · April 6, 2020, 4:18pm

The certificate doesn’t care about ip addresses.

Brian55 · April 6, 2020, 4:30pm

So does that mean I can use the same cert details in another server block

9peppe · April 6, 2020, 4:46pm

yes, but not definitely. it still has to be valid for the right domain names.

Brian55 · April 15, 2020, 11:57am

I still can’t get this to work. Does the cert. work when the site is contacting the backend api on a different port? I’m getting an SSL error occurred trying to make a secure connection to the server.

Osiris · April 15, 2020, 4:31pm

Yes, the certificate has nothing to do with the port used. The certificate can even be used for other protocols than HTTPS, for example SMTP for secure e-mail or IMAP et cetera.

The same error? Or different? The error probably originates from a misconfigured server block.

system · May 15, 2020, 4:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.