Secure Connection Failed

My domain is: shentaichiacademy.co.uk
I ran this command: sudo certbot --apache
It produced this output: everything fine
My web server is (include version): Apache 2.4.53 (Debian)
The operating system my web server runs on is (include version): Raspbian (bullseye)
My hosting provider, if applicable, is: in home raspberry pi
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

I am running a Django website which is running locally okay under /etc/hosts/ but when I go to access it on another machine I get "Secure Connection Failed". I am using IONOS as domain name provider and FreeDNS as DNS provider. Name Servers are set in IONOS for FreeDNS and I can load up my main domain on port 80 at sbrown.ml with no problem. I have shentaichiacademy.co.uk set up as a vhost and an alias for www.shentaichiacademy.co.uk.

In /etc/lets/encrypt/live I have README and shentaichiacademy.co.uk, www.shentaichiacademy.co.uk and shentaichiacademy.co.uk-0001

In shentaichiacademy.co.uk I have cert.pem, chain.pem, fullchain.pem, privkey.pem and README
same in www.shentaichiacademy.co.uk and shentaichiacademy.co.uk-0001

Let me know if you need any more information.

That generally indicates a problem.

Please show:
certbot certificates

That... could be hiding a problem.
Please show:
apachectl -t -D DUMP_VHOSTS

1 Like

I see your website secure with both www domain and the apex. See sample SSL test site below. What browser or client do you see the error from? Maybe just stop/start the browser to clear cache if the SSL cert is new?

2 Likes

Chrome 102 on Windows 10
Firefox 100 on Windows 10

Both as normal and in incognito mode.

Same error.

AH00526: Syntax error on line 27 of etc/apache2/sites-enabled/shentaichiacademy.co.uk-le-ssl.conf
SSLCertificateFile: file 'etc/letsencrypt/live/shentaichiacademy.co.uk/fullchain.pem' does not exist or is empty.

fullchain.pem is there and has content in it. I did however need to be in superuser to get into the live directory.

I cleaned up the indents in the file and resaved it and the error AH00526 miraculously vanished.

I now have

*:443 sehntaichiacademy.co.uk
*:80 is a virtual host

and lots of other stuff but when I try

apachectl -t -D DUMP_VHOSTS > dump.txt

How do I get it into a file to copy it here? There's a lot of text there.

1 Like

Apparently apachectl -t -D DUMP_VHOSTS returns errors as normal user but not as superuser.

curl -Ii http://shentaichiacademy.co.uk/
curl: (56) Recv failure: Connection reset by peer

curl -Ii http://www.shentaichiacademy.co.uk/
curl: (56) Recv failure: Connection reset by peer

curl -Ii https://shentaichiacademy.co.uk/
curl: (7) Failed to connect to shentaichiacademy.co.uk port 443: No route to host

curl -Ii https://www.shentaichiacademy.co.uk/
curl: (7) Failed to connect to www.shentaichiacademy.co.uk port 443: No route to host

1 Like

Let's see the output with sudo

1 Like

Found the following certs:
Certificate Name: shentaichiacademy.co.uk-0001
Serial Number: 4f22561699d541d02f51f161f6548dd3a55
Key Type: RSA
Domains: shentaichiacademy.co.uk
Expiry Date: 2022-08-25 18:27:37+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/shentaichiacademy.co.uk-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/shentaichiacademy.co.uk-0001/privkey.pem
Certificate Name: shentaichiacademy.co.uk
Serial Number: 32bde1749d41db2c9b907e5d9d6cf680819
Key Type: RSA
Domains: shentaichiacademy.co.uk www.shentaichiacademy.co.uk
Expiry Date: 2022-08-25 23:37:31+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/shentaichiacademy.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/shentaichiacademy.co.uk/privkey.pem
Certificate Name: www.shentaichiacademy.co.uk
Serial Number: 3f01caf2609fa39b82002ffb3391f598159
Key Type: RSA
Domains: www.shentaichiacademy.co.uk
Expiry Date: 2022-08-25 18:32:54+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.shentaichiacademy.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.shentaichiacademy.co.uk/privkey.pem


root@raspberrypi:/media/manager/MOVIES# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 shentaichiacademy.co.uk (/etc/apache2/sites-enabled/shentaichiacademy.co.uk-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
alias www.example.com
port 80 namevhost shentaichiacademy.co.uk (/etc/apache2/sites-enabled/shentaichiacademy.co.uk.conf:1)
alias www.shentaichiacademy.co.uk

manager@raspberrypi:/etc/apache2/sites-enabled $ apachectl -t -D DUMP_VHOSTS
AH00526: Syntax error on line 27 of /etc/apache2/sites-enabled/shentaichiacademy.co.uk-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/shentaichiacademy.co.uk/fullchain.pem' does not exist or is empty
Action '-t -D DUMP_VHOSTS' failed.
The Apache error log may have more information.

That's to be expected. Regular users shouldn't have access to private keys referenced in the Apache configuration file(s).

2 Likes

Just double checking things...

Remotely I'm getting..

Secure Connection Failed
An error occurred during a connection to www.shentaichiacademy.co.uk. PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.

Locally I'm getting (through /etc/hosts/)
127.0.0.1 shentaichiacademy.co.uk
127.0.0.1 www.shentaichiacademy.co.uk

Loading properly.

The first and last/third cert names are contained in the second/middle cert.
You should switch to only use that one and delete the other two.

Yes, that won't fix your "PR_END_OF_FILE_ERROR" problem.
[we'll tackle them one at a time]

2 Likes
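
The overlap pointed out above (the first and third certificates are already covered by the second) can be checked mechanically. This is an added example, not part of the original thread or of Certbot: it parses `certbot certificates` output, finds lineages whose domains are fully covered by another lineage, and holds back any lineage whose files are still referenced by an SSLCertificateFile path. The function names and the in-use path list are assumptions of the example; the sample is trimmed from the output posted in this thread.

```python
# Added example: find certbot lineages made redundant by a broader certificate.
LIVE_DIR = "/etc/letsencrypt/live"

# Names and domains trimmed from the `certbot certificates` output in this thread.
SAMPLE = """\
Found the following certs:
Certificate Name: shentaichiacademy.co.uk-0001
Domains: shentaichiacademy.co.uk
Certificate Name: shentaichiacademy.co.uk
Domains: shentaichiacademy.co.uk www.shentaichiacademy.co.uk
Certificate Name: www.shentaichiacademy.co.uk
Domains: www.shentaichiacademy.co.uk
"""

def parse_lineages(text):
    """Map each certificate name to the set of domains it covers."""
    lineages, current = {}, None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(":")
        if key == "Certificate Name":
            current = value.strip()
            lineages[current] = set()
        elif key == "Domains" and current is not None:
            lineages[current] = set(value.split())
    return lineages

def redundant_lineages(lineages):
    """Map each redundant lineage to the lineage that already covers it."""
    redundant = {}
    for name, domains in lineages.items():
        if not domains:
            continue  # unparsed entry: never propose deleting it
        for other, other_domains in lineages.items():
            # Proper subset, or identical set with a tie-break so one copy is kept.
            if other != name and (domains < other_domains or
                                  (domains == other_domains and other < name)):
                redundant[name] = other
                break
    return redundant

def delete_commands(redundant, cert_files_in_use):
    """Build delete commands, skipping lineages a web server config still uses."""
    cmds = []
    for name in sorted(redundant):
        prefix = f"{LIVE_DIR}/{name}/"
        if any(path.startswith(prefix) for path in cert_files_in_use):
            continue  # repoint SSLCertificateFile first, then delete
        cmds.append(f"certbot delete --cert-name {name}")
    return cmds

if __name__ == "__main__":
    in_use = [f"{LIVE_DIR}/shentaichiacademy.co.uk/fullchain.pem"]  # path from the vhost error
    for cmd in delete_commands(redundant_lineages(parse_lineages(SAMPLE)), in_use):
        print(cmd)
```
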

Do I just delete the files (sorry, out of practice, it's been 5 years since I did any of this) or do I just run a command?

The README states DO NOT MOVE OR RENAME THESE FILES! Certbot expects these files. etc.

sudo certbot delete --cert-name ?

Or do I pick through these directories...

  • /etc/letsencrypt/archive
  • /etc/letsencrypt/live
  • /etc/letsencrypt/renewal

sudo certbot delete --cert-name seemed to do the trick.


Found the following certs:
Certificate Name: shentaichiacademy.co.uk
Serial Number: 32bde1749d41db2c9b907e5d9d6cf680819
Key Type: RSA
Domains: shentaichiacademy.co.uk www.shentaichiacademy.co.uk
Expiry Date: 2022-08-25 23:37:31+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/shentaichiacademy.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/shentaichiacademy.co.uk/privkey.pem


What's next?

Try:
certbot delete --cert-name shentaichiacademy.co.uk-0001
certbot delete --cert-name www.shentaichiacademy.co.uk

then check again with:
certbot certificates

1 Like

Yes, that got it. People are telling me the site is up, but within the local network here I still get the connection error. I used my mobile with wifi off and it showed the site and others. With wifi on it only showed others and gave the same error for my site. Bit strange, but I can access it on the hosting machine with the host file set.

I'm confused but as far as certificate is concerned it works in the wild.

My domain is:

I ran this command:
sudo certbot --apache

It produced this output: Secure Connection Failed, An error occurred during a connection to www.shentaichiacademy.co.uk. Peer reports it experienced an internal error. Error code: SSL_ERROR_INTERNAL_ERROR_ALERT. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. This was in a remote browser. It runs fine locally.

My web server is (include version):
Apache 2.4.53 (Debian)

The operating system my web server runs on is (include version):
Raspbian (bullseye)

My hosting provider, if applicable, is:
At home on a raspberry pi

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.12.0

Hmmm. I see your website just fine. It also redirects from http to https properly. What browser or client is showing that error?

Here is what I get

curl -I https://shentaichiacademy.co.uk
HTTP/1.1 200 OK
Date: Sat, 28 May 2022 14:26:07 GMT
Server: Apache/2.4.53 (Debian)
Content-Length: 27957
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8

curl -I https://www.shentaichiacademy.co.uk
HTTP/1.1 200 OK
Date: Sat, 28 May 2022 14:26:12 GMT
Server: Apache/2.4.53 (Debian)
Content-Length: 27973
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8

2 Likes