ERR_SSL_PROTOCOL_ERROR on EC2 Instance

marcocamejo · February 27, 2017, 8:54pm

Hi everybody,

I have used cert-bot to obtain my certificates, but I still get ERR_SSL_PROTOCOL_ERROR when trying to access via https to my site.

I have an Amazon EC2 Instance running Ubuntu 14.04 with apache 2.4.7
I updated my security group to accept inbound traffic on port 443.

I used cert-bot as described here:

After running cert-bot I got:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/[MYSUBDOMAIN]/fullchain.pem. Your
cert will expire on 2017-05-28. To obtain a new or tweaked version
of this certificate in the future, simply run certbot-auto again.
To non-interactively renew all of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

I have: cert.pem, chain.pem, fullchain.pem and privkey.pem

On my default-ssl.conf I have:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/[MYSUBDOMAIN]/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[MYSUBDOMAIN]/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/[MYSUBDOMAIN]/chain.pem

However I still get the ERR_SSL_PROTOCOL_ERROR

After restarting apache, I get no errors on apache /var/log/apache2/error.log

When checking In ssllabs.com I get:
Assessment failed: No secure protocols supported

In sslshopper.com:
No SSL certificates were found on [MYSUBDOMAIN]. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.

Any ideas?

Osiris · February 27, 2017, 9:14pm

Is default-ssl.conf enabled? I’m not that familiar with Debian-based Apache configurations, but there are two directories in /etc/apache2/ AFAIK:

/sites-available/
/sites-enabled/

And with a2ensite you can enable the sites listed in /sites-available/ (it’ll make symbolic links to the /sites-enabled/ directory).

So: is default-ssl.conf listed in /etc/apache2/sites-enabled/?

marcocamejo · February 27, 2017, 9:16pm

Hi Osiris, thanks for helping. And yes, it is enabled

I executed:
sudo a2enmod ssl
sudo a2ensite default-ssl.conf
sudo service apache2 restart

jsha · February 28, 2017, 2:51am

Can you provide your domain name? That way we can run some easy checks on it and get you the answer quickly.

marcocamejo · February 28, 2017, 10:49am

Sure, it is: consultores.darwined.cl

Here is more info about certificates I’m using:
https://crt.sh/?id=97438398

jmorahan · February 28, 2017, 11:30am

You seem to be running an SSH server on port 443. Perhaps you accidentally mapped 443 to 22 in your security group configuration?

marcocamejo · February 28, 2017, 1:00pm

This was the problem. My ssh server was listening on port 443 (for some unknown reason). Changed my sshd_config, restarted the service and it worked. Thank you so much for your help!

system · March 30, 2017, 1:01pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot-auto renew was successful but browser certificate error is still seen Help	6	2746	December 17, 2017
Error installing certbot with apache Help	4	1243	October 31, 2021
Unable to refresh /.certbot-auto install Help	3	1140	August 28, 2017
Unable to renew SSL certificate using certbot Help	19	3919	August 4, 2022
Using certbot for the very first time Help	11	1487	April 15, 2018

ERR_SSL_PROTOCOL_ERROR on EC2 Instance

Related Topics