Err_ssl_protocol_error

Hi all,

Banging my head against the wall trying to figure out this error.

This is for a fresh brand new install on my own private server of:

Ubuntu 20.04 LTS
nginx version: nginx/1.18.0 (Ubuntu)
certbot 1.13.0 snap

Looks like certbot is functioning properly, as it has created new certs.

This is the first part of my nginx conf file:

server {
    if ($host = www.domain2.com) {
        return 301 https://$host$request_uri;
    }

    if ($host = domain2.com) {
        return 301 https://$host$request_uri;
    }

    if ($host = www.domain1.com) {
        return 301 https://$host$request_uri;
    }

    if ($host = domain1.com) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name domain1.com www.domain1.com domain2.com www.domain2.com;
    
    return 301 https://$server_name$request_uri;

}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain1.com www.domain1.com domain2.com www.domain2.com;
    ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem;
    ssl_session_tickets off;

UFW has both 80 and 443
router firewall redirected

I can't see the forest for the trees.

Any assistance would be greatly appreciated


Hi @Heetered,

There needs to be a separate server block that says listen 443 ssl or similar, and there must not be any server block that says listen 443 without the ssl.

You could try

grep -r 443 /etc/nginx

to find files that refer to port 443 in your nginx configuration.

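The check suggested in the reply above, as an added example that is not part of the original thread: it lists every active `listen` directive on port 443 and flags any that lacks `ssl`, skipping commented-out lines. The sample directory is constructed, and the `legacy` file in it is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Report active `listen` directives on
# port 443 under an nginx config directory and flag those without `ssl`.

check_listen_443() {
    # $1: nginx configuration directory, e.g. /etc/nginx
    # The grep anchor skips commented-out directives ("# listen 443 ...").
    grep -rnHE '^[[:space:]]*listen[[:space:]]' "$1" 2>/dev/null |
    awk '
    {
        # Split the "file:line:directive" records produced by grep -rnH.
        n = index($0, ":"); file = substr($0, 1, n - 1)
        rest = substr($0, n + 1)
        m = index(rest, ":"); lineno = substr(rest, 1, m - 1)
        directive = substr(rest, m + 1)
        sub(/#.*/, "", directive)    # drop trailing comment
        sub(/;.*/, "", directive)    # drop the terminating semicolon
        # Match 443 as a bare port or as the port of addr:443 / [::]:443,
        # but not as part of another number such as 8443.
        if (directive !~ /(^|[ \t:])443([ \t]|$)/) next
        status = (directive ~ /[ \t]ssl([ \t]|$)/) ? "OK" : "NO-SSL"
        gsub(/^[ \t]+|[ \t]+$/, "", directive)
        printf "%s %s:%s %s\n", status, file, lineno, directive
    }' | sort
}

make_sample_conf() {
    # $1: empty directory to fill with constructed sample files.
    printf '%s\n' 'server {' '    listen 80;' \
        '    listen 443 ssl http2;' '    listen [::]:443 ssl http2;' '}' \
        > "$1/nextcloud"
    printf '%s\n' '    # listen 443 ssl default_server;' \
        '    # listen [::]:443 ssl default_server;' > "$1/default"
    # Hypothetical leftover file with a plain-HTTP listener on 443.
    printf '%s\n' 'server {' '    listen 443;' '}' > "$1/legacy"
}

sample=$(mktemp -d)
make_sample_conf "$sample"
check_listen_443 "$sample"
rm -rf "$sample"
```

On a real server, call `check_listen_443 /etc/nginx`; any `NO-SSL` line is a listener that will answer TLS clients with plain HTTP.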

Thank you for responding so quickly

Hi, this is the output:

root@webserv:/etc/letsencrypt# grep -r 443 /etc/nginx
/etc/nginx/sites-available/nextcloud:    listen 443 ssl http2;
/etc/nginx/sites-available/nextcloud:    listen [::]:443 ssl http2;
/etc/nginx/sites-available/default:	# listen 443 ssl default_server;
/etc/nginx/sites-available/default:	# listen [::]:443 ssl default_server;
root@webserv:/etc/letsencrypt# 

Don't quite understand what you mean by the listen 443 without ssl.

This is the output of the conf file that I am working with

I am thinking that you didn't scroll down enough on the code section in my first post. LOLOL


True! Sorry about that.

Are you sure that port 443 is forwarded to port 443? Could you share your domain name so we could see more about the origin of the protocol error?


EDIT:::::

DOH!

I checked my router again; it was forwarding to port 433 instead, DUH!!!!!!!!!!!!

Thanks for your help again schoen, LOLOL

Going to go hide under a rock
