Sometime today several domains that I host on an old server all started having the same issue on Chrome Only. I have tried all of the online instructions for purging ssl from internet options, checking firewall, etc. I am a graphic artist and not a server guru so bear with me on any help or instructions as they might not make sense to me at first. I very much need to move everything off of this old server. Just hoping to figure this out for now. I found some of the answers to the below questions in my Plesk panel.
This is because Chrome has recently disabled the obsolete Sha-1 algorithm. You can fix this by upgrading OpenSSL. It isn’t a problem with the certificate so there’s nothing Let’s Encrypt can do to help here.
There is no such version of CentOS, but the 6.x series has been EOL for over five years. You really shouldn't be exposing something that's been unsupported for that long to the public Internet.
Thank you. I will look into how hard this is. Preliminary search says it might be more than I'm capable of or possibly because of the OS that I'm on and breaking things.
Curious that one cert is working but the rest are not on the same server. Would it have to do with the date that I last renewed things through the Let's Encrypt plugins in Plesk?
Understood from your comments. I just found it weird that one of my sites on the same server still views correctly but several others do not. Which is why I was asking if time of certificate creation had anything to do with it.
It’s not the ciphers either; it’s in the actual signature from the server's cert in the handshake. I don’t think that’s configurable or visible anywhere, so the only option is upgrading the software. Only very old OpenSSL is likely to run into this afaik, but without good tools I don’t have any measurements independent of what Chrome said.
This whole situation is terribly under documented so I’ll have a blog post up soon to help with this.
Right now I'm in the same boat.
Very similar situation as yours @shanemielke . Were you able to solve this issue ? If yes, how ?
I have some sites (plain HTML, Wordpress, Joomla) that are not loading correctly in Chrome. Other browsers are good. But one site (with Wordpress), in the same server, is loading fine on all browsers.
Chrome says:
This site can’t provide a secure connection mywebsite.net sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Same hosting provider as yours...
Server specs:
CentOS 6.4 (Final)
Plesk Onyx Version 17.8.11 Update #94, last updated on July 11, 2023
You are fine. I've moved on by moving almost all of my sites to a new server. But it sounds like your situation is exactly like mine and almost the exact same configurations. I had a site that had no problems and several sites that had the issue. The only difference was when the cert was issued (maybe)
This only seems to affect RSA certificates, so switching to ECDSA will help because it was never used in conjunction with SHA-1. That's why only some of @IAR's sites are broken.
I don't know about other systems like Plesk, as I don't use them.
(Editing in case you are reading this later; ignore the ECDSA stuff in this thread; I was wrong)