AH02261: Re-negotiation handshake failed - it not accepted by client!?
My domain is:https://www.tokakoka.ru
The operating system my web server runs on is: ubuntu (linux mint 18.1 Serena)
I can login to a root shell on my machine - yes
I’m using a control panel to manage my site - no
Usually, that error message appears when you are using SSLVerifyClient directive in your conf to validate the client (user connecting to your site) using a ssl certificate. I don't know what you tried but maybe you don't want this.
If you paste the apache conf for your site we could see what is wrong.
Also, keep in mind that you have issued 2 certificates, one valid only for www.tokakoka.ru and one valid only for tokakoka.ru...
CRT ID DOMAIN (CN) VALID FROM VALID TO EXPIRES IN SANs
260354004 tokakoka.ru 2017-Nov-20 20:24 UTC 2018-Feb-18 20:24 UTC 72 days tokakoka.ru
260353875 www.tokakoka.ru 2017-Nov-20 20:23 UTC 2018-Feb-18 20:23 UTC 72 days www.tokakoka.ru
...but you are not configuring your apache server to serve the right certificate for tokakoka.ru, only for www.tokakoka.ru
The first command should return DNS:tokakoka.ru instead of DNS:www.tokakoka.ru so that means that the cert server from your apache is not valid for tokakoka.ru.
I'm saying this because your site shows a warning about mixed content, that is, your site is https but you are trying to load something (javascript, an image, etc.) from an insecure site, in your case you are trying to load a gif from http://tokakoka.ru/kon.gif which it is wrong. Your web server has a redirect to https://tokakoka.ru/kon.gif which is also wrong because the certificate served for that url is only valid for www.tokakora.ru but not tokakora.ru so you should check that too.
The conf posted doesn’t explain this error message AH02261: Re-negotiation handshake failed so maybe you have defined the SSLVerifyClient in another conf file:
grep -ri 'SSLVerifyClient' /etc/apache2/*
but the conf posted explains the reason you are serving the wrong certificate for tokakoka.ru.
As you have 2 independent certificates, 1 only valid for tokakoka.ru and 1 only valid for www.tokakoka.ru you need to create a new virtualhost covering tokakoka.ru and modify the one serving tokakoka.ru to remove ServerAlias directive…
So, tokakoka.ru-le-ssl.conf file should look like this:
Note: I’m assuming the right cert covering tokakoka.ru is located at /etc/letsencrypt/live/tokakoka.ru/ path but maybe it is in another place so you should double check that the path is the correct one and modify it in the apache conf I posted above if it is not the correct one.
Note 2: Always perform a backup of the files you are modifying and remember to reload/restart apache so it can load the new modified conf.
I had some craziness with the settings of the virtual hosts, but the rooming has passed. Now there are no problems with mixed content.
But in the server's logs there are still errors - AH02261: Re-negotiation handshake failed