Nginx: 400 Bad Request - The plain HTTP request was sent to HTTPS port

punchi · December 9, 2015, 6:19pm

Hi!,

First, thanks for all involved to make this possible !!

I have this page gesnex.com that looks like fine on 80, but gaves error when I try to go to 443. External analysis says that the certificate it’s OK (https://www.sslshopper.com/ssl-checker.html#hostname=www.gesnex.com) but if you go to :443 , an error appears:

400 Bad Request - The plain HTTP request was sent to HTTPS port

What I’m doing wrong?

server {
    listen       443 ssl;
    server_name  localhost;
    root         <PATH>;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/<PATH>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<PATH>/privkey.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    # SSL PCI Compliance
    ssl_session_cache   shared:SSL:10m;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA$
    ...
}
    
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  localhost;
    root         <PATH>;
    #ssl on;
    ...
}

I followed this guide: https://community.letsencrypt.org/t/nginx-installation/3502/5

Thanks =)

punchi · December 9, 2015, 6:30pm

Made it! sorry!

Had to copy this part:

# NON-SSL
server {
    server_name allroundtraders.co.za www.allroundtraders.co.za img.allroundtraders.co.za;
    if ($scheme = http) {
           return 301 https://$server_name$request_uri;
    }   
}

Anyway, on internet this is not the typical solution, why is this??

pfg · December 9, 2015, 6:45pm

The error indicates that you tried to connect to http://example.com:443 - i.e., you were sending a HTTP request instead of HTTPS. What you wanted is https://example.com:443 (with https:// 443 is the default port, just including it here to demonstrate the difference, it’s optional).

Maybe just a typo when you were testing?

punchi · December 9, 2015, 7:01pm

Thanks for the reply @pfg, but it was not a typo, as I just typed “example:443”, now if I do that, I’m automatically redirected to the correct page.

Do you know why I need this redirect? normally see I 80 server and a 443 server, not a redirect