Getting SSL_PROTOCOL_ERROR

Gotta be honest, I don't know a lot about all this, that's why barely anything that's requested is not filled out. I followed a guide on how to set up a text roleplay program on a VM via google, and it included getting https set up. Everything worked fine up until a couple days ago and I can't figure out why it doesn't anymore. There's a text file with the configuration of the server, but everything is still like the guide says it should be, and the server test succeeds.

By the way, the person who provided the guide doesn't reply anymore, or I wouldn't have come here. Any help is greatly appreciated.

My domain is: loveinthedark.net

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I think so

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Hi @Sam_Enby, and welcome to the LE community forum :slight_smile:

With such little information to work with, it is very difficult for anyone to be certain about anything.
What the problem is.
How to fix it.

I can only say for sure that your cert is expired (hasn't been renewed):
crt.sh | loveinthedark.net

Can you post the link to the guide you followed?
Do you know which ACME client was used?

4 Likes

I know, now imagine how I feel without the knowledge in my head to help me! :stuck_out_tongue:

Here's the guide.

Unfortunately I don't know which ACME client was used; maybe the guide has that information?
How could I renew my cert?

Thank you so much for replying!

5 Likes

Well that makes two of us; and I went through the linked guide.

With any luck the installation set up a cron job that might give us a clue; yes, thus far I am clueless on this too - LOL
So let's have a look at the output of:
sudo crontab -l
[maybe we'll get lucky]

4 Likes

Not sure if this issue is due to the ACME client used by RPNow. When trying to establish the TLS handshake, the server replies with "Internal Error" and then the connection is broken.

You should check the error log for RPNow. Please check its documentation or its support forum (if that exists) to check how to do that.

5 Likes

OR if that path leads to... nothing but silence:
Try adding another ACME client to overcome its lack of support.
This may be tricky but it might get the job done.
If you need any help along that path, just let me know - I'm always up for such challenges :slight_smile:

4 Likes

Hello again!
That path did lead to nothing but silence, so I installed certbot and got a certificate, but I'm stumped by "Install your certificate". It says to install it in the configuration file for your webserver, but where can I find it?
How do I do that?

I know these probably seem like such basic questions, but like I said, I have no experience in all this... I always try to get it done on my own first, but I'm here because I hit a road block. Thank you all for all your help!

3 Likes

I'm glad to see that you were able to get certbot installed and obtained a cert.
Unfortunately, even after installing the RPNow program myself on a test system, I can't find exactly where/how it uses a cert.

But fear not, there are plenty of ways to peel a banana!

Let's do this the surefire way:

  • add a proxy server to handle the secure connections
    and have it simply proxy to the RPNow HTTP port.

Are you up for some more learning?
[we'll beat that newbieness out of you soon enough! - LOL]

4 Likes

Okay, I might need help with that. I don't even know how to begin (I tried in the last days!).

Would you be up to help/assist me with that, please? I'd appreciate it a lot!

2 Likes

Ok, I'll go as slow as possible to ensure you get a full grasp of everything that we do.
So, we'll start with understanding what is in play at this time.

[while RPNow is running]
Let's see which ports are in use, with:
netstat -pant | grep -i listen

4 Likes

That's what I got:

(No info could be read for "-p": geteuid()=1000 but you should be root.)
tcp        0      0 127.0.0.1:12789         0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::80                   :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
tcp6       0      0 :::443                  :::*                    LISTEN      -

1 Like

Well it seems that port 80 and 443 are already taken.
Is RPNow actually using the secure port (443)?
If not, then what is?

4 Likes

When I run rpnow and stop the server, this is what I get:

(No info could be read for "-p": geteuid()=1000 but you should be root.)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -

The program has a "test server" option, which gives me this when I do:

server status... (server not running)
✔ test server
########################
 TESTING RPNOW SERVER
 (Press CTRL+C to stop)
########################
2021/08/23 15:10:06 Loaded config at /etc/rpnow.ini
2021/08/23 15:10:06 Listening on :443

Does that make any sense to you? :s

When I stop the test, it says it stops the TLS server :443 and HTTP server :80

1 Like

OK, you will need to disable TLS port 443 on the RPNow config .ini file (or however the documentation stated).
Then turn it back on.
And it should only be using port 80.

4 Likes

Okay, I modified the .ini file so ssl is turned off. I started the server, and now it gives me this:

(No info could be read for "-p": geteuid()=1000 but you should be root.)
tcp        0      0 127.0.0.1:12789         0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::80                   :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -

No more 443

1 Like

OK, so now we add a web server to use as a reverse proxy.
You have choices, here are some popular ones:

  • nginx
  • apache
  • haproxy
  • and there are others

I would recommend using nginx.

Which operating system are you using?

4 Likes

Just on my laptop? Windows 10

1 Like

Where does the RPNow run?

4 Likes

Linux smol-rpnow 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64

Is that it?

1 Like

OK, I think Debian uses APT.
Try:
sudo apt-get update
sudo apt-get install nginx

[if so, it may need to install 20+ packages - just say "Y"]

4 Likes
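
What the reverse-proxy setup proposed in the thread could look like once nginx is installed, as an added example that is not part of any post or of RPNow's documentation. It assumes certbot's default certificate paths and that RPNow keeps serving plain HTTP on port 80, as in the last netstat output; the file name is hypothetical.

```nginx
# /etc/nginx/sites-available/rpnow   (hypothetical file name)
# Constructed example: nginx terminates TLS on 443 with the certbot
# certificate and forwards plain HTTP to RPNow on port 80.

# Pass WebSocket upgrades through; harmless if the app does not use them
# (whether RPNow does is an assumption).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Only 443 here: port 80 is still held by RPNow itself.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name loveinthedark.net;

    # Default certbot layout; confirm with `sudo certbot certificates`.
    ssl_certificate     /etc/letsencrypt/live/loveinthedark.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/loveinthedark.net/privkey.pem;

    # The nginx packaged for Debian 9 predates TLSv1.3 support in this
    # directive, so only TLSv1.2 is listed.
    ssl_protocols TLSv1.2;

    location / {
        # RPNow's plain-HTTP listener, reached over loopback.
        proxy_pass http://127.0.0.1:80;
        proxy_http_version 1.1;

        # Tell the backend what the client originally asked for.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
    }
}
```

Debian's stock `default` site also listens on port 80, which RPNow already holds, so it has to be disabled before nginx will start; `sudo nginx -t` checks the configuration. RPNow's port 80 stays reachable in plaintext from outside unless a firewall blocks it.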