Cloudflare SSL Handshake Error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://julianstaudt.de

I ran this command: certbot -d julianstaudt.de (renewed and replaced my existing certificate)

It produced this output: If I try to access the webpage it generates a ssl handshake error followed by some redirect errors

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): Debian GNU/Linux (9)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): if you mean cloudflare by that, yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

So basically all this started happening after I installed my new router (https://store.ui.com/products/udm-pro). The thing is that I am still using my old one (Fritz!Box 7590) to provide the internet access. I’ve disabled all features on the Fritz!Box and added the UDM as an exposed host. And ofc I’ve created the port forward rules on the new router. I can access the website fine when using my wan ip, but once I do https://:443 I get a ‘PR_END_OF_FILE_ERROR’. Once I use the domain, cloudflare shows up the ssl handshake error page followed by a redirect caused by too many 301 redirects (idk what causes them too)

Any help is appreciated :slight_smile:


Hi @JarFiles

first, you have created two certificates - https://check-your-website.server-daten.de/?q=julianstaudt.de#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
| --- | --- | --- | --- | --- | --- |
| Let’s Encrypt Authority X3 | 2020-02-19 | 2020-05-19 | julianstaudt.de - 1 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2020-02-19 | 2020-05-19 | julianstaudt.de - 1 entries | duplicate nr. 1 | |

So that part has worked, don’t create a new certificate, there is a rate limit.

Second, your local nginx port 443 doesn’t work.

What do these commands output?

certbot certificates
nginx -T

Thank you very much for your answer. Here is the output:

certbot certificates

https://prodigysupport.team/paste/?3cbe672760736791#FphAEwhGTteboFkGesSkqqNZrW49nP73KLpnQ3viRfaD

nginx -T

https://prodigysupport.team/paste/?4d978d4c2f1afe68#5mDDuG5uWL2pML37ja3c7aL5vJ3spdpCbCn2LAg3HWrE

There is no direct error visible.

But some of your other domains are buggy too.

https://drive.julianstaudt.de/
SSL_ERROR_RX_RECORD_TOO_LONG

that’s http over port 443. Same with notes. And the ci is used with Cloudflare, there is the same SSL handshake error.

It looks like none of your domains work.

SSL_ERROR_RX_RECORD_TOO_LONG: Is there a wrong port forwarding port 443 extern -> port 80 intern?

Perhaps remove one (or all, nothing works) port 443 definitions (first: Make a backup), then try to fix one.

Or (if your port 80 works):

Use the --reinstall option from Certbot, so a new working port 443 is created.

Or you have another bug in your configuration, so nothing works.


I just tried to fix the main domain (https://julianstaudt.de), haven’t changed the ip of the webservers for the other domains yet (had to change all cuz of the new router)

Someone helped me fix it. I had one port forward rule for both ports which didn’t work. I have created a separate one for the http and the https port now and it works perfectly fine :grinning:

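A way to check what actually answers on a forwarded port 443, as an added example that is not part of the original thread: it sends a real TLS ClientHello and classifies the first bytes of the reply, which separates a TLS listener from "http over port 443" and from a connection that is simply closed. The function names and the addresses in the demo loop are assumptions made for illustration.

```python
import socket
import ssl


def client_hello(server_name):
    """Build a genuine TLS ClientHello in memory, without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()


def classify_reply(data):
    """Classify the first bytes a listener sends back after a ClientHello."""
    if not data:
        return "closed"       # browsers report this as PR_END_OF_FILE_ERROR
    if data[0] in (0x15, 0x16) and data[1:2] == b"\x03":
        return "tls"          # TLS alert or handshake record: a TLS listener
    # Assumption: a plain-HTTP server answers with a status line or a bare HTML error page.
    if data.lstrip().startswith((b"HTTP/", b"<")):
        return "plain-http"   # SSL_ERROR_RX_RECORD_TOO_LONG: HTTP on the TLS port
    return "unknown"


def probe(host, port=443, server_name=None, timeout=5.0):
    """Send a ClientHello to host:port and report what kind of service answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(server_name or host))
            return classify_reply(sock.recv(16))
    except ConnectionRefusedError:
        return "refused"      # nothing listening, or the forward rule is missing
    except ConnectionError:
        return "closed"       # connection reset mid-handshake
    except OSError:           # includes timeouts
        return "unreachable"


if __name__ == "__main__":
    # Constructed placeholder targets: the web server's LAN address, then the WAN address.
    for target in ("192.0.2.10", "198.51.100.20"):
        print(target, probe(target, 443, server_name="example.org"))
```

Running it against the server's internal address and then against the router's external address shows at which hop the answer stops being TLS.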
