Hi everybody,

I have used cert-bot to obtain my certificates, but I still get ERR_SSL_PROTOCOL_ERROR when trying to access via https to my site.

I have an Amazon EC2 instance running Ubuntu 14.04 with Apache 2.4.7.
I updated my security group to accept inbound traffic on port 443.

I used cert-bot as described here:

After running cert-bot I got:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/[MYSUBDOMAIN]/fullchain.pem. Your
cert will expire on 2017-05-28. To obtain a new or tweaked version
of this certificate in the future, simply run certbot-auto again.
To non-interactively renew all of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

I have: cert.pem, chain.pem, fullchain.pem and privkey.pem

On my default-ssl.conf I have:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/[MYSUBDOMAIN]/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[MYSUBDOMAIN]/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/[MYSUBDOMAIN]/chain.pem

However, I still get the ERR_SSL_PROTOCOL_ERROR.

After restarting Apache, I get no errors in Apache's /var/log/apache2/error.log.

When checking In I get:
Assessment failed: No secure protocols supported

No SSL certificates were found on [MYSUBDOMAIN]. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.

Any ideas?


Is default-ssl.conf enabled? I’m not that familiar with Debian-based Apache configurations, but there are two directories in /etc/apache2/ AFAIK:

  • /sites-available/
  • /sites-enabled/

And with a2ensite you can enable the sites listed in /sites-available/ (it’ll make symbolic links to the /sites-enabled/ directory).

So: is default-ssl.conf listed in /etc/apache2/sites-enabled/?


Hi Osiris, thanks for helping. And yes, it is enabled.

I executed:
sudo a2enmod ssl
sudo a2ensite default-ssl.conf
sudo service apache2 restart


Can you provide your domain name? That way we can run some easy checks on it and get you the answer quickly.


Sure, it is:

Here is more info about certificates I’m using:


You seem to be running an SSH server on port 443. Perhaps you accidentally mapped 443 to 22 in your security group configuration?


This was the problem. My ssh server was listening on port 443 (for some unknown reason). Changed my sshd_config, restarted the service and it worked. Thank you so much for your help!
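
The check behind the diagnosis in this thread, as an added example that is not part of the original posts: an SSH server sends its identification string as soon as a client connects, while a TLS server stays silent until it receives a ClientHello, so the first bytes from port 443 tell the two apart. The function names `identify_service` and `fake_listener` and the banner text are constructed for this example.

```python
import socket
import ssl
import threading

def identify_service(host, port, timeout=3.0):
    """Return 'ssh', 'tls', 'closed' or 'unknown' for the listener at host:port."""
    # Step 1: connect and stay silent. SSH servers speak first, sending a line
    # that starts with "SSH-"; a TLS server sends nothing, so recv() times out.
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                banner = sock.recv(64)
            except OSError:          # includes the read timeout
                banner = b""
    except OSError:
        return "closed"              # refused, filtered or unreachable
    if banner.startswith(b"SSH-"):
        return "ssh"
    # Step 2: try a TLS handshake on a fresh connection. Certificate checks are
    # disabled because the question is only "does this port speak TLS at all?".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls"
    except OSError:                  # ssl.SSLError is a subclass of OSError
        return "unknown"

def fake_listener(banner):
    """Constructed fixture: one-shot localhost listener that sends `banner`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed banner standing in for an sshd bound to the HTTPS port.
    port = fake_listener(b"SSH-2.0-ExampleSSHD_1.0\r\n")
    print(f"127.0.0.1:{port} ->", identify_service("127.0.0.1", port))
```

A result of `ssh` on port 443 points at the listener configuration (here, `sshd_config`) rather than at the certificate files or the Apache virtual host.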

