Chrome on my laptop and phone are returning an ERR_SSL_PROTOCOL_ERROR and SSL Labs is telling me my site doesn’t even have a certificate.

What’s wrong with my configuration?

$ openssl s_client -connect
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
    Protocol  : TLSv1.2
    Cipher    : 0000
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1556822276
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

And the site configuration:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    root   /var/www/domains/;
    access_log  /var/log/nginx/;
    error_log /var/log/nginx/;

    include /etc/nginx/sites-available/include-php;

    location / {
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?q=$1;
        }
    }

    ssl on;
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    #ssl_session_tickets off;
}

The only thing I can think is that you're not forwarding port 443 correctly into your server.

Hi @bluemanos

There are some curious things. Your IP addresses:

Host T IP-Address is auth. ∑ Queries ∑ Timeout A yes 1 0
AAAA yes A yes 1 0
A yes 1 0
AAAA 2606:4700:30::681c:449 yes
AAAA 2606:4700:30::681c:549 yes

And there are redirects https -> http:

Domainname Http-Status redirect Sec. G 200 0.080 H 200 0.097 H 200 0.094 H
2606:4700:30::681c:449 200 0.097 H
2606:4700:30::681c:549 200 0.094 H 301 0.173 F 301 0.170 F
2606:4700:30::681c:449 301 0.150 F
2606:4700:30::681c:549 301 0.157 F -4 0.144 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream.

A lot of Grade F.

One - https + non-www - doesn’t work. The other - redirect https -> http.

You are right - I fixed this. Unfortunately, the domain is still not working :confused:

What does this say:

nginx -t

Check the nginx logs.

nginx -t is and was ok.

Finally, I figured out what was wrong with the configuration.
Nginx (my version: nginx/1.14.0) needs one default_server in a listen entry for port 443 as well. I added it to the domain: listen 443 default_server ssl;. After this the domain is working correctly. Hopefully other domains will also work.

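The fix above was an explicit default_server on the port 443 listener. The following is an added example, not code from this thread: it reports which server block nginx treats as the default for each TLS listen address, either the one marked default_server or, without that flag, the first block defined for the address. The sample config, the placeholder names and paths, and the simplified parsing (TLS recognized only by the ssl parameter on listen, addresses compared as written) are assumptions.

```python
import re

# Constructed sample: two vhosts share 443 and neither is marked default_server.
SAMPLE = """
server {
    listen 443 ssl;
    server_name placeholder-a.example;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name placeholder-b.example;
    ssl_certificate /placeholder/fullchain.pem;
    ssl_certificate_key /placeholder/privkey.pem;
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, in file order."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments (simplified)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):            # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def tls_defaults(conf):
    """Per TLS listen address: which server block is the default, and why."""
    seen = {}
    for idx, body in enumerate(server_blocks(conf)):
        # Simplification: only certificates set inside the server block count.
        has_cert = bool(re.search(r"^\s*ssl_certificate\s", body, re.M))
        for args in re.findall(r"^\s*listen\s+([^;]+);", body, re.M):
            addr, *flags = args.split()
            # The first block seen for an address is nginx's implicit default.
            entry = seen.setdefault(addr, {"tls": False, "server": idx,
                                           "explicit": False, "has_cert": has_cert})
            entry["tls"] |= "ssl" in flags
            if "default_server" in flags and not entry["explicit"]:
                entry.update(server=idx, explicit=True, has_cert=has_cert)
    return {a: e for a, e in seen.items() if e["tls"]}

if __name__ == "__main__":
    for addr, e in tls_defaults(SAMPLE).items():
        kind = "explicit default_server" if e["explicit"] else "implicit (first block)"
        warn = "" if e["has_cert"] else "  <-- default block has no ssl_certificate"
        print(f"{addr}: server #{e['server']} is default, {kind}{warn}")
```

To check a live setup, feed it the merged configuration printed by nginx -T instead of SAMPLE, so that include order is the order nginx actually uses.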

Now your configuration works.

There is a new check:

You use a certificate with only one domain name:
expires in 90 days - 1 entry

But you have two DNS entries. So create one certificate with both domain names and use that.
