Pr_end_of_file_error

Hi, I have an issue with “PR_END_OF_FILE_ERROR” I had previously installed sslh on my node and when my HDD crashed I restored the backup. since I am getting that error. I made some changes on my server, mostly by "improving my nginx.conf with https://nginxconfig.io however, I decieded to completley remove sslh and python-certbot-nginx from debian 10 repos and obtain new certificates.

Even with a fresh cert I am getting PR_END_OF_FILE_ERROR I tried to enter return 301 $scheme://bind.tinfoil-hat.net/$request_uri; in my nginx conf but
but that didn’t help.

My topology is nginx reverseproxy -> private ipaddress of the webserver.

The error persists on other websites, on the same node, too. Maybe it’s important to know that I use a VPS which has an image as HDD. After I had to restore that Image after an Corruption of that image I have these errors.

My nginx conf is pretty simple. But I can’t know for sure if it’s without errors, since I recreated the configfiles.

I also verified, that my node is not on a Blacklist by checking myipaddress.com blacklist check.
I can also obtain new certificates, but the error replicates on these, too.

My domain is: bind.tinfoil-hat.net

nginx version: nginx/1.14.2 on proxmox 6.0.5

the certbot version is certbot 0.31.0 (Standard Debian 10 repos)

I can login to a root shell on my machine

I’m using no control panel to manage my sites

Any kind of help is highly appreciated! I’d also gift a 10€ bounty (paypal) by resolving that error

Although I do appreciate that you are offering a bounty for a solution, I don’t see how it can be LE related; and would suggest that you also try a forum more suited to where your problem may lie (i.e. NGINX).

That said, your site is not functional enough to get any kind of clue as to why it is failing:
https://dev.ssllabs.com/ssltest/analyze.html?d=bind.tinfoil-hat.net&hideResults=on
curl -Iki https://bind.tinfoil-hat.net/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to bind.tinfoil-hat.net:443

Well, the Site runs fine with so SSL and nginx -t returns no errors :confused:

I do see that http is functional.
curl -Iki http://bind.tinfoil-hat.net/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Aug 2019 02:28:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://bind.tinfoil-hat.net/

If you PM me the nginx -T output, maybe there is something there I can spot…

where can I PM You? I’m pretty new here

start by clicking the icon next to my userid
then click the blue MESSAGE button

If you are TOO new, that option may not yet be available to you - let me know

The Message Button is not available to me rn

LOL
let me try starting a PM with you and then you can reply to it
lookout for it in the top right of your screen
in green

The problem appears to have been related to missing cert file statements in some of the vhost configs.
Either by:
something causing disk corruption (may still be at play)
or
remmed lines containing “example.com” cert file statements (that may have confused certbot into no update in that section)

nonetheless, with the correct lines added the sites are now functional - again :slight_smile:

1 Like

Hi @chrissly90

there are errors, but more configuration problems.

You have a new certificate created ( https://check-your-website.server-daten.de/?q=bind.tinfoil-hat.net#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-08-05 2019-11-03 bind.tinfoil-hat.net - 1 entries duplicate nr. 1

And you have a Grade P:

Domainname Http-Status redirect Sec. G
http://bind.tinfoil-hat.net/
167.86.109.153 301 https://bind.tinfoil-hat.net/ 0.064 A
https://bind.tinfoil-hat.net/
167.86.109.153 -10 0.104 P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.
http://bind.tinfoil-hat.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
167.86.109.153 301 https://bind.tinfoil-hat.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.063 A
Visible Content: 301 Moved Permanently nginx
https://bind.tinfoil-hat.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -10 0.107 P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.
Visible Content:

But the reason is simple:

P https://bind.tinfoil-hat.net/ 167.86.109.153
-10
Error creating a TLS-Connection: TLSv1.3 found, but no connection via TLSv1.2 possible. Please activate TLSv1.2

There is only Tls.1.3 active, you should activate Tls.1.2.

Checking your site in a browser, there is a - simple - Bad Gateway - error:

502 Bad Gateway

nginx

So your proxy configuration doesn’t work.

That may be the error message - partial sent something, then interrupted.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.