I’ve been running an Apache server on Ubuntu 16.04 for some time now. Just tried to add my first secure site using a LetsEncrypt certificate. That part went well, but then I got every browser complaining about trying to access the https version of my website (vintageapple.org).
Upon further investigation, I was able to confirm using wget that port 443 is serving up regular http, not https.
$ wget http://vintageapple.org:443 PR3-98758 ~
--2019-02-07 10:03:51-- http://vintageapple.org:443/
Resolving vintageapple.org... 45.56.87.249
Connecting to vintageapple.org|45.56.87.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5885 (5.7K) [text/html]
Saving to: ‘index.html.6’
index.html.6 100%[========================================================================================>] 5.75K --.-KB/s in 0s
2019-02-07 10:03:51 (175 MB/s) - ‘index.html.6’ saved [5885/5885]
Further confirmed by trying to get https with wget:
$ wget https://vintageapple.org:443 PR3-98758 ~
--2019-02-07 10:04:09-- https://vintageapple.org/
Resolving vintageapple.org... 45.56.87.249
Connecting to vintageapple.org|45.56.87.249|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
I’ve been all through the Apache and site settings, to make sure everything is set up to support https.
ports.conf:
Listen 80
Listen 443 https
Listen 443 https
sites-enabled conf file for the ssl version:
SSLEngine On
ServerAdmin info@24sevenhosting.net
ServerName www.vintageapple.org
ServerAlias vintageapple.org
DocumentRoot /srv/www/vintageapple.org/public_html/
ErrorLog /srv/www/vintageapple.org/logs/vintageapple.org-error.log
CustomLog /srv/www/vintageapple.org/logs/vintageapple.org-access.log combined
RewriteEngine On
RewriteOptions Inherit
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/vintageapple.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vintageapple.org/privkey.pem
Note that I commented out the IfModule to try and see if that was preventing the secure version of the site from loading. No difference. I also added the extra SSLEngine On even though it is included in options-ssl-apache.conf just to see if it needed to be earlier in the configuration settings.
OpenSSL version:
OpenSSL 1.1.0h 27 Mar 2018 (Library: OpenSSL 1.1.1a 20 Nov 2018)
In the Apache error log:
[Thu Feb 07 09:41:06.460657 2019] [mpm_prefork:notice] [pid 23566] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
I noticed the version of OpenSSL being reported by Apache is rather old. I have not been able to find out how to upgrade that to a newer version. I don’t know if that is my problem.
Any ideas? This has me stumped.
This was a pretty plain vanilla new 16.04 LTS install from a few years back with nothing special done to it. I religiously update and upgrade twice a month, so all updates available through apt-get upgrade are installed as of Feb 1st.
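Added example, not part of the original post: the two wget runs above can be collapsed into one check that sends a real TLS ClientHello to the port and looks at the first bytes that come back. A TLS record header means the listener speaks TLS; an HTTP status line or HTML means the port is answering in plaintext, which is the situation OpenSSL reports as "unknown protocol". The function names and the 64-byte read size are choices made for this sketch.

```python
import socket
import ssl
import sys


def client_hello(server_name):
    """Return the raw bytes of a ClientHello, generated by OpenSSL through in-memory BIOs."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for a ServerHello
    return outgoing.read()


def classify(reply):
    """Classify the first bytes a listener sends back after a ClientHello."""
    if not reply:
        return "closed"
    # TLS record header: type 0x16 (handshake) or 0x15 (alert), then major version 0x03
    if len(reply) >= 2 and reply[0] in (0x15, 0x16) and reply[1] == 0x03:
        return "tls"
    # An HTTP status line or a bare HTML error page means no TLS on this port
    if reply.startswith(b"HTTP/") or reply.lstrip().startswith(b"<"):
        return "plaintext-http"
    return "unknown"


def first_reply(sock, server_name, timeout=5.0):
    """Send a ClientHello on an already connected socket and return the first bytes received."""
    sock.settimeout(timeout)
    sock.sendall(client_hello(server_name))
    try:
        return sock.recv(64)
    except (socket.timeout, ConnectionResetError):
        return b""


def probe(host, port=443):
    """Connect to host:port and report 'tls', 'plaintext-http', 'closed' or 'unknown'."""
    with socket.create_connection((host, port), timeout=5.0) as sock:
        return classify(first_reply(sock, host))


if __name__ == "__main__":
    # usage: python3 probe.py <host> [port]
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Running it against the server before and after each configuration change shows whether the listener on 443 has actually switched to TLS, without depending on browser caching or redirects.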