Https redirects to http port & SSL_ERROR_RX_RECORD_TOO_LONG

My domain is:

I ran this command:
certbot certificates

It produced this output:
Found the following certs:
** Certificate Name:**
** Domains:**
** Expiry Date: 2020-03-07 10:21:27+00:00 (VALID: 47 days)**
** Certificate Path: /etc/letsencrypt/live/**
** Private Key Path: /etc/letsencrypt/live/**

I ran this command:
openssl s_client -connect -servername -showcerts | openssl x509 -text -noout

It produced this output:

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
verify return:1
depth=0 CN =
verify return:1
Version: 3 (0x2)
Serial Number:

Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
Not Before: Dec 8 10:21:27 2019 GMT
Not After : Mar 7 10:21:27 2020 GMT
Subject: CN =
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)

Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
X509v3 Subject Key Identifier:

X509v3 Authority Key Identifier:

        Authority Information Access: 
            OCSP - URI:
            CA Issuers - URI:

        X509v3 Subject Alternative Name: 
        X509v3 Certificate Policies: 

        CT Precertificate SCTs: 
            Signed Certificate Timestamp:
                Version   : v1 (0x0)
                Log ID    : <snip>
                Timestamp : Dec  8 11:21:27.193 2019 GMT
                Extensions: none
                Signature : ecdsa-with-SHA256
            Signed Certificate Timestamp:
                Version   : v1 (0x0)
                Log ID    : <snip>
                Timestamp : Dec  8 11:21:27.240 2019 GMT
                Extensions: none
                Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption

I ran this command:
curl -X GET -I

It produced this output:

HTTP/1.1 301 Moved Permanently
Date: Mon, 20 Jan 2020 08:21:55 GMT
Server: Apache/2.4.25 (Debian)
X-UA-Compatible: IE=edge
X-Redirect-By: WordPress
Content-Length: 0
Content-Type: text/html; charset=UTF-8

My web server is (include version):
Wordpress 5.3.2
|Server architecture|Linux 4.4.103+ armv7l|
|Web server|Apache/2.4.25 (Debian)|
|cURL version|7.52.1 OpenSSL/1.0.2u|

My hosting provider, if applicable, is:
I can login to a root shell on my machine:
I’m using a control panel to manage my site:
The version of my client is:
certbot 0.28.0

Sorry for the crazy configuration/setup, 80 and 443 are “filtered” so I use 8080 & 433. I redirected using
Redirect permanent /
in my 000-default.conf. I have commented that out and just trying to connect via browser to 433 but it seems to redirect to and I do not have a redirect in default-ssl.conf.
SSLCertificateFile /etc/letsencrypt/live/
** SSLCertificateKeyFile /etc/letsencrypt/live/**
** Include /etc/letsencrypt/options-ssl-apache.conf**

Do I need to provide more info?

Hi @krypto

you can’t use one port (8080) with both protocols http / https. Your Curl connects http, the result is a redirect to https, the same port.

Your works, so produces the expected result


That isn’t used, the redirect has port 8080 as destination.

Check your config to find that wrong redirect and change it.

Your port 443 is invisible, checking your domain - only timeouts -


@ JuergenAuer Thank you for the response. Correct, that is why I am attempting to run http on 8080 https on 433.

Yes, It isn’t used because I commented that directive out. I mentioned it for some details on the steps I have tried to make this work.

You are correct, there is a configuration issue and was hoping to get help with that.

Again you are correct, it is filtered by my isp so appears invisible.

Thank you for giving me a second look at my curl request, it seems wordpress (along with many other things) does not like https on port 433 and is causing the 301 redirect to 8080. I have checked the .htaccess file and it looks ok but I will look further into wordpress for a solution.

Sorry for the poor formating, I normally don’t post on forums and just now found the preview pane was being covered behind a popup forum message.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.