Port SSL error in google chrome


#1

My domain is: https://socialsend.org

I ran this command: sudo certbot --apache

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): it is ubuntu 16

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The main domain or the inner urls does not have any issue but I am using socket connection on port 8081 and getting error for the
url example:
https://socialsend.org:8081/socket.io/?EIO=3&transport=polling&t=MQuOyUi

Error:
Failed to load resource: net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH


#2

I’m unable to connect securely to https://socialsend.org:8081/
It seems that port 8081 is not being served with the same protocols/ciphers as https://socialsend.org:443/ [which works correctly]

Can you provide more detail on the port 8081 vhost config?


#3

Yeah because if I add port 8081 inside the apache it will consider https://socialsend.org:8081/socket.io and
https://socialsend.org/socket.io as same url then I will get error that the urls does not exist (as they are not in my laravel route system)


#4

I’m not sure I follow.
Using a separate vhost config for port 8081, Apache can:

  • Reach a different document root.
  • Reach a different internal system [by proxy].

If they are completely separate systems that can’t see each other…
Then how will you be getting them to use the same cert?


#5

I have 2 platform on my server:
1- laravel which is the default url such as https://socialsend.org:443/ or https://socialsend.org/
2- Nodejs which I assign using port 8081 so https://socialsend.org:443/ and https://socialsend.org:8081/ should not call same url, https://socialsend.org:443/ is calling default url which is fine. but if inside ports.conf of apache I add 8081 as below then it will treat https://socialsend.org:8081/ and https://socialsend.org/ same

Listen 0.0.0.0:80

<IfModule ssl_module>
Listen 0.0.0.0:443
Listen 0.0.0.0:8081
</IfModule>


#6

But I did not define anything for url with port 8081 without ssl before, I mean http://socialsend.org:8081/socket.io was working fine before without touching apache, I just installed nodejs and define socketjs file and it worked, now you mean for ssl I should define path for port 8081 inside apache, I do not even know what path I should give too…
I think most likely the problem is from cert file, because normal combo ssl that I bought before did not have this issue…


#7

What does the vhost/configuration file look like that serves port 8081?

You don’t have to serve port 8081 from Apache - if nodejs can serve it and be reached from the Internet.
I only offered that to maybe resolve the problem.
The trouble is: I don’t yet really understand the problem well enough to give you any advice.
Do you want the nodejs port 8081 site to be reached from the Internet?


#8

Yes I want the nodejs socket reached through port 8081 with https


#9

Ok then the nodejs and Apache configs should remain separate (for now).
Can you show the nodejs config that covers port 8081?


#10


#11

And also the nodejs version.
Are you able to successfully connect to port 8081 from any IP (internal or external)?
What version of OpenSSL is installed? (or whatever TLS libraries nodejs relies on)


#12

Yes can call through IP without any issue,
Nodejs version is v4.2.6
openssl:
Installed: 1.1.0h-2.0+ubuntu16.04.1+deb.sury.org+1
Candidate: 1.1.0h-2.0+ubuntu16.04.1+deb.sury.org+1
Version table:
*** 1.1.0h-2.0+ubuntu16.04.1+deb.sury.org+1 500
500 http://ppa.launchpad.net/ondrej/php/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
1.0.2g-1ubuntu4.13 500
500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
1.0.2g-1ubuntu4 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages


#13

nodejs stable is now at version 8.12.0 [LTS]
and 11.0.0 for latest features.

I think maybe you are due for an upgrade.

Or maybe changing:
var server = require('http').Server();
to
var server = require('https').Server();
was NOT the correct way to implement https.

Shouldn’t it be more like:
server = tls.createServer

I see ‘server’, but where do you define ‘Server’ ?