Err_ssl_protocol_error

Please fill out the fields below so we can help you better.

My domain is: www.srparquet.es

I ran this command: Installed via CWP

It produced this output:

vhost_start srparquet.es

<VirtualHost 51.254.223.207:443>
ServerName srparquet.es
ServerAdmin -@yahoo.com
ServerAlias www.srparquet.es
DocumentRoot /home/srparque/public_html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/srparquet.es/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/srparquet.es/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/srparquet.es/fullchain.pem
SetEnvIf User-Agent ".MSIE." nokeepalive ssl-unclean-shutdown

SuexecUserGroup srparque srparque

suPHP_UserGroup srparque srparque
suPHP_ConfigPath /home/srparque

<Directory "/home/srparque/public_html">
AllowOverride All

vhost_end srparquet.es

My operating system is (include version): CentOS 6.8

My web server is (include version): Apache/2.2.27

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): CentOS Web Panel 0.9.8.54

I have another vps with the same config and it's working fine with Let's Encrypt. I'm also using CloudFlare.

Any ideas?

The certificate is valid:

Valid Certificate
The connection to this site is using a valid, trusted server certificate.

And the error is:

This site can’t provide a secure connection
www.srparquet.es sent an invalid response.

Your site is serving HTTP on port 443 (the port for HTTPS). Try browsing to http://www.srparquet.es:443 to verify this.

I don’t see any <VirtualHost> tags in the configuration you provided. Typically the configuration where you enable SSL would be inside of a <VirtualHost *:443> tag. I’m not too familiar with CWP and its configuration structure, so I don’t really have a ready-made solution for this without seeing the rest of the configuration, but maybe this will point you in the right direction.
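
The check suggested above (browse to the HTTPS port with plain HTTP and see what answers) can be scripted. This is an added example, not code from any poster in the thread: the function names are illustrative, and the 400-page text it looks for is the message Apache's mod_ssl sends when it receives plaintext on a TLS port.

```python
import socket

def classify_first_bytes(data: bytes) -> str:
    """Classify what a listener sent back after a plaintext HTTP request."""
    # A TLS alert (0x15) or handshake (0x16) record with major version 3
    # means the port really speaks TLS and rejected our plaintext.
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    if data.startswith(b"HTTP/"):
        # mod_ssl answers plaintext on a TLS port with this 400 page.
        if b" 400 " in data[:16] and b"plain HTTP to an SSL-enabled" in data:
            return "tls"
        # Any other HTTP reply: the port serves unencrypted HTTP, which a
        # browser using https:// reports as ERR_SSL_PROTOCOL_ERROR.
        return "plain-http"
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a plaintext GET to host:port and classify the reply."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    received = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while len(received) < 4096:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                received += chunk
        except OSError:
            pass  # timeout or reset: classify whatever arrived so far
    return classify_first_bytes(received)

if __name__ == "__main__":
    # Constructed demo: a throwaway plaintext server on loopback stands in
    # for a port that is expected to speak TLS but does not.
    import http.server
    import threading
    srv = http.server.HTTPServer(("127.0.0.1", 0),
                                 http.server.BaseHTTPRequestHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    print(probe("127.0.0.1", srv.server_address[1]))
    srv.shutdown()
```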

This is in /usr/local/apache/conf.d/vhosts.conf
vhosts.txt (767 Bytes)

and in /usr/local/apache/conf.d/vhosts-ssl-letsencrypt.conf :

vhosts-ssl-letsencrypt.txt (788 Bytes)

I’ve added files because this editor strips :80 and :443, I don’t know why. :confused:

grep -ri listen /usr/local/apache/conf

/usr/local/apache/conf/extra/httpd-ssl.conf:# When we also provide SSL we have to listen to the
/usr/local/apache/conf/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/extra/httpd-ssl.conf:Listen 443
/usr/local/apache/conf/original/extra/httpd-ssl.conf:# When we also provide SSL we have to listen to the
/usr/local/apache/conf/original/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/original/extra/httpd-ssl.conf:Listen 443
/usr/local/apache/conf/original/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/usr/local/apache/conf/original/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/usr/local/apache/conf/original/httpd.conf:#Listen 12.34.56.78:80
/usr/local/apache/conf/original/httpd.conf:Listen 80
/usr/local/apache/conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/usr/local/apache/conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/usr/local/apache/conf/httpd.conf:#Listen 12.34.56.78:80
/usr/local/apache/conf/httpd.conf:Listen 80

I don’t see any obvious issues. Can you grep for “:443” to see if there are any other vhosts somewhere else that might interfere, or maybe for “:*” to see if there’s a vhost that’s listening on all ports?
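
The grep suggested above looks for any vhost that could claim port 443, including wildcard ones. As an added example (not from the thread; the sample configuration and names are constructed), the same search can also report whether each matching vhost actually turns on `SSLEngine`:

```python
import re

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SSL_ON = re.compile(r"^\s*SSLEngine\s+on\b", re.I)

def port_of(addr):
    """Port part of a vhost address; '*' when none is given (any port)."""
    if ":" in addr and not addr.endswith("]"):   # "[::1]" alone has no port
        return addr.rsplit(":", 1)[1]
    return "*"

def audit_vhosts(conf_text, port="443"):
    """Return (line, address, ssl_enabled) for vhosts that can answer on port."""
    findings, current = [], None
    for no, line in enumerate(conf_text.splitlines(), 1):
        opened = VHOST_OPEN.match(line)          # commented-out lines never match
        if opened:
            current = {"line": no, "addrs": opened.group(1).split(), "ssl": False}
        elif current and SSL_ON.match(line):
            current["ssl"] = True
        elif current and VHOST_CLOSE.match(line):
            for addr in current["addrs"]:
                if port_of(addr) in (port, "*"):
                    findings.append((current["line"], addr, current["ssl"]))
            current = None
    return findings

def plaintext_candidates(conf_text, port="443"):
    """Vhosts reachable on the port that never enable SSLEngine."""
    return [(no, addr) for no, addr, ssl in audit_vhosts(conf_text, port) if not ssl]

# Constructed sample configuration (documentation addresses, not the poster's files).
SAMPLE = """\
Listen 443
<VirtualHost *:*>
    ServerName catchall.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName site.example
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName site.example
</VirtualHost>
"""

if __name__ == "__main__":
    for no, addr in plaintext_candidates(SAMPLE):
        print(f"line {no}: <VirtualHost {addr}> can answer on 443 without SSLEngine on")
```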

  • netstat -tulpn | grep -E ':80|443'
    tcp 0 0 :::80 :::* LISTEN 15158/httpd
    tcp 0 0 :::443 :::* LISTEN 15158/httpd

  • netstat -l | grep -E 'http|www'
    tcp 0 0 *:http *:* LISTEN
    tcp 0 0 *:https *:* LISTEN

  • netstat -tulpn | grep :*

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 1613/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1487/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1613/master
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1613/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1228/sshd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 9406/pure-ftpd ( SER
tcp 0 0 51.254.223.207:53 0.0.0.0:* LISTEN 986/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 986/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1613/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 986/named
tcp 0 0 :::80 :::* LISTEN 15158/httpd
tcp 0 0 :::22 :::* LISTEN 1228/sshd
tcp 0 0 :::21 :::* LISTEN 9406/pure-ftpd ( SER
tcp 0 0 :::2031 :::* LISTEN 9766/cwpsrvd
tcp 0 0 ::1:53 :::* LISTEN 986/named
tcp 0 0 :::2031 :::* LISTEN 9766/cwpsrvd
tcp 0 0 ::1:953 :::* LISTEN 986/named
tcp 0 0 :::443 :::* LISTEN 15158/httpd
udp 0 0 51.254.223.207:53 0.0.0.0:* 986/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 986/named
udp 0 0 ::1:53 :::* 986/named

Sorry, I was talking about grep'ing your apache configuration (I guess that’s /usr/local/apache/conf here).

Sorry, like this?

grep -ri :443 /usr/local/apache/conf
/usr/local/apache/conf/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/extra/httpd-ssl.conf:
/usr/local/apache/conf/extra/httpd-ssl.conf:ServerName www.example.com:443
/usr/local/apache/conf/original/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/original/extra/httpd-ssl.conf:
/usr/local/apache/conf/original/extra/httpd-ssl.conf:ServerName www.example.com:443

Any ideas? I have another site on a similar vps with the same config and it’s working: https://tablet5.com/

I just realized there are configuration files outside of /usr/local/apache/conf, could you try grep again with all of /usr/local/apache/?

Based on the files I’ve seen so far, I don’t know what could be causing this.


Hi, here it is:
grep -ri :443 /usr/local/apache/
grep.txt (1.5 KB)

Sorry, I got nothing. :confused:

I reinstalled Let’s Encrypt and it gave a Multilib Error: Multilib version problems found… I ran yum update and reinstalled certificates and it’s working now.
Thank you for your help.
