ERR_SSL_PROTOCOL_ERROR on https With New Certificates

Hi everyone, I'm trying to run my apache2 server on HTTPS, but since I moved and changed my IP address I can't get it to work anymore. HTTP works fine, ports 80 and 443 are both open, I can even connect to mydomain:443, but it goes through in normal HTTP. I tried re-creating the certificates a couple of times, the first time with the full procedure to modify the conf files, the second time just creating the certificates.

This is the current version of my conf file inside sites_enabled:

<IfModule ssl_module>
<VirtualHost *:443>
    SSLEngine on
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html
    ServerName www.casadimarzapane.com
    ServerAlias casadimarzapane.com

    ErrorLog /etc/apache2/error.log
    CustomLog /etc/apache2/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/casadimarzapane.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/casadimarzapane.com/privkey.pem
</VirtualHost>
</IfModule>
<IfModule ssl_module>
<VirtualHost *:80>
    ServerName www.casadimarzapane.com
    RewriteEngine On
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.

    #RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
</VirtualHost>
</IfModule>

The ssl_module is active

The Apache2 conf file is quite standard, with

IncludeOptional sites-enabled/*.conf

with the above-mentioned file being the only one in sites-enabled.
I checked a lot of other similar questions, but couldn't find a solution. Thanks!

My domain is:
casadimarzapane.com
I ran this command:
Access the domain via https
It produced this output:
ERR_SSL_PROTOCOL_ERROR
My web server is (include version):
Apache2 2.4.29
The operating system my web server runs on is (include version):
Armbian 5.77

I can login to a root shell on my machine (yes or no, or I don't know):
yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.9.0

2 Likes

Is your mod_ssl actually loaded?

What's the output of apachectl -S?

Also, unrelated, your HTTP vhost is missing a ServerAlias.

2 Likes

Hi @micric

checking your domain with my Firefox, there is

SSL_ERROR_RX_RECORD_TOO_LONG

visible.

So your port 443 is an HTTP port, not an HTTPS port.

PS: Is this a home server with a wrong port forwarding?

Port 80 extern -> port 443 intern?

Must be

Port 80 extern -> port 80 intern
Port 443 extern -> port 443 intern

3 Likes
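
The diagnosis in the reply above, as an added example that is not part of the thread: a TLS client reads the first five bytes from the server as a record header, so a plaintext "HTTP/" reply decodes to an impossible record length, which is consistent with Firefox's SSL_ERROR_RX_RECORD_TOO_LONG. The function names (`classify`, `client_hello`, `probe`) and the sample bytes are constructed for illustration.

```python
import socket
import ssl
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_RECORD = 2**14 + 2048  # largest record length TLS 1.2 allows on the wire (RFC 5246)

def classify(first: bytes) -> str:
    """Interpret the first bytes a server sent the way a TLS client does."""
    if len(first) < 5:
        return "short read: nothing usable came back"
    ctype, major, minor, length = struct.unpack("!BBBH", first[:5])
    if ctype in TLS_TYPES and major == 3 and length <= MAX_RECORD:
        return f"tls: {TLS_TYPES[ctype]} record, {length} bytes"
    if first.startswith(b"HTTP/"):
        # 'H' lands in the type field, 'TT' in the version, 'P/' in the length.
        return f"plaintext http: read as a record of {length} bytes (limit {MAX_RECORD})"
    return f"not tls: type={ctype} version={major}.{minor} length={length}"

def client_hello(server_name: str) -> bytes:
    """Have the ssl module build a real ClientHello without touching the network."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for the server's reply
    return outgoing.read()

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and classify whatever answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify(sock.recv(5))

# Constructed samples: a plain-HTTP listener's reply, and a TLS handshake record header.
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"
SAMPLE_TLS = bytes.fromhex("160303005a")

if __name__ == "__main__":
    print(classify(SAMPLE_HTTP))
    print(classify(SAMPLE_TLS))
```

Running `probe()` against your own host from outside the LAN and again against the server's internal address shows whether the router or Apache is the one answering in plaintext.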

Thanks!! That was it! I got a new modem from the internet provider with a terrible interface. It looked like I could define ports 80 and 443 in just one rule, but apparently there was something wrong with it. It's fixed now!

4 Likes

Ah, thanks, good to know.

Normally, that's not possible. One external port -> one rule.

Happy to read you have found a solution 👍

3 Likes
