Proxy Pass Apache = ERR_SSL

Hello, the problem is that I set up a proxy pass; everything works in http, but in https I have this problem:
(ERR_SSL_VERSION_OR_CIPHER_MISMATCH)
Yet with certbot everything went well.
Thank you in advance for your help.
PS: I will not change programs, I am staying on Apache. Thanks in advance.

Information:
My domain is:
linkdarck.neko-world.ovh (Raspberry 3)
status.neko-world.ovh (Second Raspberry 3)
neko-world.ovh (Server Rack)

I ran this command:
sudo certbot --apache (on my apache proxy pass)

It produced this output:
In Google Chrome on my computer:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH -> https://linkdarck.neko-world.ovh/
No problem with http -> http://linkdarck.neko-world.ovh/

My web server is (include version):
Apache 2 2.4.38

The operating system my web server runs on is (include version):
Server Rack: Almalinux 8
2 Raspberry: armv7 5.10.63-v7+

My hosting provider, if applicable, is:
my host is my rack server + 2 raspberry pi at home

I can login to a root shell on my machine (yes or no, or I don't know):
YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Can you show us the ssl/tls config of your apache server?

And if you haven't edited it, get one from here: Mozilla SSL Configuration Generator


Never seen a server behaving this way before, I am surprised it actually started up:

$ openssl s_client -connect linkdarck.neko-world.ovh:443
CONNECTED(00000003)
139854001411392:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1543:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 316 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
2 Likes

You have enabled port forwarding on port 443, right?

1 Like

I see CloudFlare:

Name:      linkdarck.neko-world.ovh
Addresses: 2606:4700:3031::6815:497
           2606:4700:3034::ac43:9a33
           172.67.154.51
           104.21.4.151
curl -Ii http://linkdarck.neko-world.ovh:443/
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 16 Feb 2022 14:05:23 GMT
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
2 Likes

And, this:

curl -I https://linkdarck.neko-world.ovh
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I get 400 Bad Request with http and port 443 on other CDN examples which otherwise work ok with https. Might not be best reproduction.

2 Likes

No, I have temporarily disabled the redirection so that we can access the site, but it has no relation to my problem, the rewrite, does it?
Yes, I have Cloudflare.

Here is my configuration:
000-default-le-ssl.conf :

linkdarck-le-ssl.conf :

neko-world-le-ssl.conf :

With Cloudflare CDN, the client (browser, curl, ...) connects with HTTPS to Cloudflare edge first. There is a separate connection between the edge and your server. If the error was between your origin server and the edge, Cloudflare reports a 5xx error.

But, this error results from something wrong between the Cloudflare edge and the client.

It is best if you use their community and support forum to correct it. Here is one topic on their forum that talks about this:

2 Likes
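
The triage rule from the reply above, written out as an added example (not code from the thread or from Cloudflare): check whether the resolved addresses are Cloudflare edge addresses, then map the observed symptom to the connection leg that failed. The function names are hypothetical and the range list is a snapshot taken as an assumption; the sample addresses are the ones shown earlier in the thread.

```python
import ipaddress

# Snapshot of Cloudflare's published edge ranges (assumption: may be stale;
# the current list is published at https://www.cloudflare.com/ips/).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20",
    "188.114.96.0/20", "197.234.240.0/22", "198.41.128.0/17",
    "162.158.0.0/15", "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13",
    "131.0.72.0/22", "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32",
    "2405:b500::/32", "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

# Addresses the thread's DNS lookup returned for linkdarck.neko-world.ovh.
THREAD_ADDRS = ["2606:4700:3031::6815:497", "2606:4700:3034::ac43:9a33",
                "172.67.154.51", "104.21.4.151"]


def behind_cloudflare(addresses):
    """True if every resolved address falls inside a Cloudflare edge range."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    return bool(ips) and all(
        any(ip.version == net.version and ip in net for net in CLOUDFLARE_NETS)
        for ip in ips)


def failing_leg(addresses, tls_handshake_ok, http_status=None):
    """Name the connection leg an HTTPS failure belongs to."""
    if not behind_cloudflare(addresses):
        # No CDN in front: the client talks TLS to Apache itself.
        return "direct: client <-> origin"
    if not tls_handshake_ok:
        # TLS from the browser terminates at the edge, so the origin's
        # certificate and cipher configuration were never reached.
        return "client <-> Cloudflare edge"
    if http_status is not None and 500 <= http_status <= 599:
        # Handshake with the edge worked; the edge reports origin trouble.
        return "Cloudflare edge <-> origin"
    return "no failure observed"


if __name__ == "__main__":
    # Symptom from the thread: handshake failure alert, no HTTP response.
    print(failing_leg(THREAD_ADDRS, tls_handshake_ok=False))
```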

Thank you very much but thank you very much

2 Likes
