ERR_SSL_PROTOCOL_ERROR on https With New Certificates

Hi everyone, I'm trying to run my apache2 server on https, but since I moved and changed my ip address I can't get it to work anymore. Http works fine, ports 80 and 443 are both open, I can even connect to mydomain:443, but it goes through in normal http. I tried re-creating the certificates a couple of times, the first time with the full procedure to modify the conf files, second time just creating the certificates.

This is the current version of my conf file inside sites_enabled:

<IfModule ssl_module>
<VirtualHost *:443>
     SSLEngine on
     DocumentRoot /var/www/html

     ErrorLog /etc/apache2/error.log
     CustomLog /etc/apache2/access.log combined

     SSLCertificateFile /etc/letsencrypt/live/
     SSLCertificateKeyFile /etc/letsencrypt/live/
<IfModule ssl_module>
<VirtualHost *:80>
  RewriteEngine On
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

#RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]

The ssl_module is active

The Apache2 conf file is quite standard , with

IncludeOptional sites-enabled/*.conf

with the above mentioned file being the only one in sites-enabled
Checked a lot of other similar questions, but couldn't find a solution. Thanks!

My domain is:
I ran this command:
Access the domain via https
It produced this output:
My web server is (include version):
Apache2 2.4.29
The operating system my web server runs on is (include version):
Armbian 5.77

I can login to a root shell on my machine (yes or no, or I don't know):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Is your mod_ssl actually loaded?

What's the output of apachectl -S?

Also, unrelated, your HTTP vhost is missing a ServerAlias.


Hi @micric

checking your domain with my FireFox, there is



So your port 443 is a http port, not a https port.

PS: Is this a home server with a wrong port forwarding?

Port 80 extern -> port 443 intern?

Must be

Port 80 extern -> port 80 intern
Port 443 extern -> port 443 intern


Thanks!! That was it! I got a new modem from the internet provider with a terrible interface. It looked like I could define ports 80 and 443 in just one rule, but apparently there was something wrong with it. It's fixed now!


Ah, thanks, good to know.

Normally, that's not possible. One external port -> one rule.

Happy to read you have found a solution :+1:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.