Err_ssl_protocol_error


#1

Please fill out the fields below so we can help you better.

My domain is: www.srparquet.es

I ran this command: Installed via CWP

It produced this output:

vhost_start srparquet.es

<VirtualHost 51.254.223.207:443>
ServerName srparquet.es
ServerAdmin -@yahoo.com
ServerAlias www.srparquet.es
DocumentRoot /home/srparque/public_html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/srparquet.es/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/srparquet.es/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/srparquet.es/fullchain.pem
SetEnvIf User-Agent ".MSIE." nokeepalive ssl-unclean-shutdown

SuexecUserGroup srparque srparque

suPHP_UserGroup srparque srparque
suPHP_ConfigPath /home/srparque

<Directory "/home/srparque/public_html">
AllowOverride All

vhost_end srparquet.es

My operating system is (include version): CentOS 6.8

My web server is (include version): Apache/2.2.27

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): CentOS Web Panel 0.9.8.54

I have another vps with the same config and it’s working fine with Let’s Encrypt. I’m also using CloudFlare.

Any ideas?


#2

The certificate is valid:

Valid Certificate
The connection to this site is using a valid, trusted server certificate.

And the error is:

This site can’t provide a secure connection
www.srparquet.es sent an invalid response.


#3

Your site is serving HTTP on port 443 (the port for HTTPS). Try browsing to http://www.srparquet.es:443 to verify this.

I don’t see any <VirtualHost> tags in the configuration you provided. Typically the configuration where you enable SSL would be inside of a <VirtualHost *:443> tag. I’m not too familiar with CWP and its configuration structure, so I don’t really have a ready-made solution for this without seeing the rest of the configuration, but maybe this will point you in the right direction.
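
One way to confirm this diagnosis without a browser, as an added example that is not part of the original thread: send an unencrypted request to the port and classify the first bytes that come back. The function names, the `address` parameter and the sample byte strings in the test are assumptions made for this illustration.

```python
import socket

# Text that Apache (mod_ssl) and nginx include in the plaintext error they return
# when a TLS-enabled port receives an unencrypted HTTP request.
TLS_PORT_HINTS = (b"speaking plain HTTP to an SSL-enabled server port",
                  b"plain HTTP request was sent to HTTPS port")

def classify_reply(data):
    """Classify what a port sent back after an unencrypted HTTP request."""
    if not data:
        return "no-reply"                      # closed or silent: inconclusive
    # TLS record header: content type 0x15 (alert) or 0x16 (handshake), major version 3
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    if any(hint in data for hint in TLS_PORT_HINTS):
        return "tls"                           # TLS is on; the server said so in plaintext
    if data.startswith(b"HTTP/"):
        return "plaintext-http"                # ordinary HTTP answered on this port
    return "unknown"

def probe(host, port=443, address=None, timeout=5.0):
    """Send one unencrypted GET to address:port (default: host) and classify the reply."""
    request = ("GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % host).encode("ascii")
    data = b""
    with socket.create_connection((address or host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while len(data) < 8192:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:                        # timeout or reset: classify what arrived
            pass
    return classify_reply(data)
```

A result of `plaintext-http` on port 443 matches the situation described in this reply. When the hostname resolves to a proxy such as CloudFlare, pass the origin server's IP as `address` so the check reaches the origin rather than the proxy.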


#4

This is in /usr/local/apache/conf.d/vhosts.conf
vhosts.txt (767 Bytes)

and in /usr/local/apache/conf.d/vhosts-ssl-letsencrypt.conf:

vhosts-ssl-letsencrypt.txt (788 Bytes)

I’ve added files because this editor strips :80 and :443, I don’t know why. :confused:

grep -ri listen /usr/local/apache/conf

/usr/local/apache/conf/extra/httpd-ssl.conf:# When we also provide SSL we have to listen to the
/usr/local/apache/conf/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/extra/httpd-ssl.conf:Listen 443
/usr/local/apache/conf/original/extra/httpd-ssl.conf:# When we also provide SSL we have to listen to the
/usr/local/apache/conf/original/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/original/extra/httpd-ssl.conf:Listen 443
/usr/local/apache/conf/original/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/usr/local/apache/conf/original/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/usr/local/apache/conf/original/httpd.conf:#Listen 12.34.56.78:80
/usr/local/apache/conf/original/httpd.conf:Listen 80
/usr/local/apache/conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/usr/local/apache/conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/usr/local/apache/conf/httpd.conf:#Listen 12.34.56.78:80
/usr/local/apache/conf/httpd.conf:Listen 80


#5

I don’t see any obvious issues. Can you grep for “:443” to see if there are any other vhosts somewhere else that might interfere, or maybe for “:*” to see if there’s a vhost that’s listening on all ports?
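
The search suggested here can be made block-aware, as an added example that is not part of the original thread: instead of matching single lines, it reads each `<VirtualHost>` block and reports those that can answer on port 443 without `SSLEngine on`. The function names, file names, host names and the 192.0.2.10 address are constructed for illustration, and treating an address with no port as matching any port is a deliberately conservative assumption.

```python
import re

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
SSL_ON = re.compile(r"^\s*SSLEngine\s+on\b", re.I)

def port_of(addr):
    """Port part of a <VirtualHost> address; '*' if absent (conservative assumption)."""
    if addr.startswith("["):                       # [IPv6]:port
        addr = addr.split("]", 1)[1]
    return addr.rsplit(":", 1)[1] if ":" in addr else "*"

def audit(files, port="443"):
    """files maps path -> config text. Returns (path, line, addresses, reason) for
    every vhost that can answer on `port` but never turns SSLEngine on."""
    findings = []
    for path, text in files.items():
        block = None
        for lineno, line in enumerate(text.splitlines(), 1):
            opened = VHOST_OPEN.match(line)        # commented-out lines never match
            if opened:
                block = {"line": lineno, "addrs": opened.group(1).split(), "ssl": False}
            elif block and SSL_ON.match(line):
                block["ssl"] = True
            elif block and VHOST_CLOSE.match(line):
                ports = {port_of(a) for a in block["addrs"]}
                if not block["ssl"] and (port in ports or "*" in ports):
                    reason = "explicit-port" if port in ports else "any-port"
                    findings.append((path, block["line"], " ".join(block["addrs"]), reason))
                block = None
    return findings

# Constructed sample configuration; addresses, names and paths are placeholders.
SAMPLE = {
    "vhosts.conf": "<VirtualHost 192.0.2.10:80>\nServerName example.test\n</VirtualHost>\n"
                   "<VirtualHost 192.0.2.10:*>\nServerName catchall.test\n</VirtualHost>\n",
    "vhosts-ssl.conf": "<VirtualHost 192.0.2.10:443>\nServerName example.test\n"
                       "SSLEngine on\n</VirtualHost>\n"
                       "# <VirtualHost 192.0.2.10:443>\n"
                       "<VirtualHost 192.0.2.10:443>\nServerName shop.test\n</VirtualHost>\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The check only sees the text it is given, so files pulled in through `Include` have to be passed in as well.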


#6
  • netstat -tulpn | grep -E ':80|443'
    tcp 0 0 :::80 :::* LISTEN 15158/httpd
    tcp 0 0 :::443 :::* LISTEN 15158/httpd

  • netstat -l | grep -E 'http|www'
    tcp 0 0 *:http *:* LISTEN
    tcp 0 0 *:https *:* LISTEN

  • netstat -tulpn | grep :*

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 1613/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1487/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1613/master
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1529/dovecot
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 1613/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1228/sshd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 9406/pure-ftpd ( SER
tcp 0 0 51.254.223.207:53 0.0.0.0:* LISTEN 986/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 986/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1613/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 986/named
tcp 0 0 :::80 :::* LISTEN 15158/httpd
tcp 0 0 :::22 :::* LISTEN 1228/sshd
tcp 0 0 :::21 :::* LISTEN 9406/pure-ftpd ( SER
tcp 0 0 :::2031 :::* LISTEN 9766/cwpsrvd
tcp 0 0 ::1:53 :::* LISTEN 986/named
tcp 0 0 :::2031 :::* LISTEN 9766/cwpsrvd
tcp 0 0 ::1:953 :::* LISTEN 986/named
tcp 0 0 :::443 :::* LISTEN 15158/httpd
udp 0 0 51.254.223.207:53 0.0.0.0:* 986/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 986/named
udp 0 0 ::1:53 :::* 986/named


#7

Sorry, I was talking about grep'ing your Apache configuration (I guess that’s /usr/local/apache/conf here).


#8

Sorry, like this?

grep -ri :443 /usr/local/apache/conf
/usr/local/apache/conf/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/extra/httpd-ssl.conf:
/usr/local/apache/conf/extra/httpd-ssl.conf:ServerName www.example.com:443
/usr/local/apache/conf/original/extra/httpd-ssl.conf:# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
/usr/local/apache/conf/original/extra/httpd-ssl.conf:
/usr/local/apache/conf/original/extra/httpd-ssl.conf:ServerName www.example.com:443


#9

Any ideas? I have another site on a similar vps with the same config and it’s working: https://tablet5.com/


#10

I just realized there are configuration files outside of /usr/local/apache/conf, could you try grep again with all of /usr/local/apache/?

Based on the files I’ve seen so far, I don’t know what could be causing this.


#11

Hi, here it is:
grep -ri :443 /usr/local/apache/
grep.txt (1.5 KB)


#12

Sorry, I got nothing. :confused:


#13

I reinstalled Let’s Encrypt and it gave a Multilib Error: Multilib version problems found… I ran yum update and reinstalled certificates and it’s working now.
Thank you for your help.

