Err_ssl_protocol_error

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://pedidosydevoluciones.assaabloymexico.com:93/

I ran this command: Open the browser (URL)

It produced this output: ERR_SSL_PROTOCOL_ERROR

My web server is (include version): IIS

The operating system my web server runs on is (include version): Windows Server

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): power shell?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I create a certificate using "Certify The Web", all was ok (I think), I can see the certificate and bind it to sites on IIS, but when I try to open the URL on the browser I'm getting the error: SSL_ERROR_RX_RECORD_TOO_LONG...

Another thing, when I was binding the port and certificate in IIS, I see 2 Certs almost equals, just the expiration month is not...

I run this command on powershell:

openssl s_client -connect pedidosydevoluciones.assaabloymexico.com:93 -msg
CONNECTED(00000194)

??? [length 0005]
16 03 01 01 51
TLS 1.3, Handshake [length 0151], ClientHello
01 00 01 4d 03 03 48 41 e7 1b 10 5b bd 0a af c1
f9 4e 5c 39 72 a2 06 46 71 70 39 c6 7b bf c8 df
4e 2e f0 14 03 c6 20 f5 58 78 a5 3d b8 4e b5 9d
f3 89 d0 09 09 f7 8c 19 46 37 91 d7 40 e8 30 5f
5e a9 a4 4a 6d d8 6a 00 3e 13 02 13 03 13 01 c0
2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
3c 00 35 00 2f 00 ff 01 00 00 c6 00 00 00 2d 00
2b 00 00 28 70 65 64 69 64 6f 73 79 64 65 76 6f
6c 75 63 69 6f 6e 65 73 2e 61 73 73 61 61 62 6c
6f 79 6d 65 78 69 63 6f 2e 63 6f 6d 00 0b 00 04
03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e
00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00
00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 08 08
08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01
06 01 03 03 02 03 03 01 02 01 03 02 02 02 04 02
05 02 06 02 00 2b 00 09 08 03 04 03 03 03 02 03
01 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00
20 78 31 e7 6c 92 97 b1 ed 31 7a 6e 69 68 a4 e5
72 95 c0 0a e0 17 42 1a 4c 27 e3 d9 67 f5 21 ae
38
<<< ??? [length 0005]
48 54 54 50 2f
1436:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:332:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 5 bytes and written 342 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

Please help me...

2

Your webserver is speaking plain http, not https: http://pedidosydevoluciones.assaabloymexico.com:93/

3

Hi @MaxS

checking your domain via https://check-your-website.server-daten.de/?q=pedidosydevoluciones.assaabloymexico.com#ct-logs

You have created two certificates:

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-03-11 2020-06-09 pedidosydevoluciones.assaabloymexico.com - 1 entries duplicate nr. 2
Let's Encrypt Authority X3 2020-03-11 2020-06-09 pedidosydevoluciones.assaabloymexico.com - 1 entries duplicate nr. 1

So that part works.

Port 93 is a http port. So share a screenshot of your binding. Change that to https and select the certificate.

4

Thank you…

I verified the binding and it’s what we have:
imagen

The binding is on port 93, https y selected the cert…

5

Looks like that binding isn’t used.

Add your domain name pedidosydevoluciones.assaabloymexico.com in the “Host name” field, check “Require Server Name Indication”.

6

I changed but still the error…

imagen

7

Looks like you use the wrong machine.

Checking

http://pedidosydevoluciones.assaabloymexico.com:93/

there is a proxy error:

502 - Web server received an invalid response while acting as a gateway or proxy server.

There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.

Looks like you have two machines.

http redirects to

http://pedidosydevoluciones.assaabloymexico.com/Identity/Account/Login?ReturnUrl=%2F
8

There are some sites on same address, each port used is a distinct site, but is the same server and same IIS… Right now, port 80 is not using https and it is what are you seeing without the port 93…

Is there the posibility that the port (93) is restricted to use only http traffic?

9

But why is there a proxy error? Proxy -> second machine.

Why is there a http status 502?

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.