SSL too long OR wrong redirect page

Alright, instead of setting up SSL manually I decided to go with Let's Encrypt on a fresh install of Mint 19.2

following this guide:

https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-18-04/

It worked fine, I was able to create the SSL, however now I encounter two problems called: SSL_ERROR_RX_RECORD_TOO_LONG or "WRONG PAGE REDIRECT"

I took time to look at and read many posts since this settings problem is recurrent.
And I wasn't able to fix it.

I get "SSL_ERROR_RX_RECORD_TOO_LONG" if my VirtualHost is set up like this:

<VirtualHost *:80>
  ServerName cloud.oursecretgarden.xyz
  ServerAlias www.cloud.oursecretgarden.xyz

  Redirect permanent / https://cloud.oursecretgarden.xyz/
</VirtualHost>

<VirtualHost *:443>
  ServerName cloud.oursecretgarden.xyz
  ServerAlias www.cloud.oursecretgarden.xyz
  Protocols h2 http:/1.1

  <If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
    Redirect permanent / https://cloud.oursecretgarden.xyz/
  </If>

  DocumentRoot /var/www/cloud.oursecretgarden.xyz/public_html
  ErrorLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-error.log
  CustomLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-access.log combined

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/privkey.pem

  # Other Apache Configuration

</VirtualHost>

However, if I try to access the web page using https://local IP instead of the domain name, it works.

But if I change 80 into 443, I won't get SSL errors and I will get the "WRONG REDIRECT" problem, and I won't be able to access it by either https://IP or domain name.

If you have any questions so I can be clearer, here I am. I guess I missed a setting somewhere.


Hi @yagami

the SSL_ERROR_RX_RECORD_TOO_LONG error means: Your port 443 sends http content, not https content. So the client expects a TLS-handshake, but the server sends the complete page -> the content is too long.

But checking your site looks like you have fixed that problem. Now you have another problem - a direct loop - https://check-your-website.server-daten.de/?q=cloud.oursecretgarden.xyz

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://cloud.oursecretgarden.xyz/ 78.231.177.38 | 301 | https://cloud.oursecretgarden.xyz/ | 0.106 | A |
| https://cloud.oursecretgarden.xyz/ 78.231.177.38 | 301 | https://cloud.oursecretgarden.xyz/ | 4.130 | L |
| http://cloud.oursecretgarden.xyz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 78.231.177.38 | 301 | https://cloud.oursecretgarden.xyz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.110 | A |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.29 (Ubuntu) Server at cloud.oursecretgarden.xyz Port 80 | | | | |
| https://cloud.oursecretgarden.xyz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 301 | https://cloud.oursecretgarden.xyz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 3.283 | L |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.29 (Ubuntu) Server at cloud.oursecretgarden.xyz Port 443 | | | | |

https + non-www redirects to https + non-www.

Perhaps you have a redirect http -> https. Add that only to your port 80 vHost, not to your port 443 vHost.

1 Like
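The "record too long" explanation in the reply above, as an added example that is not part of the original thread: a TLS client reads the first five bytes from port 443 as a record header, so a plaintext `HTTP/1.1 ...` reply decodes to a length above the RFC 5246 limit of 2^14 + 2048 bytes. The two byte strings are constructed samples and the function names are hypothetical.

```python
import struct

# RFC 5246 section 6.2.3: a TLSCiphertext fragment must not exceed 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def read_record_header(first_bytes: bytes) -> dict:
    """Interpret the first 5 bytes from a server the way a TLS client does:
    content type (1 byte), protocol version (2 bytes), length (2 bytes)."""
    if len(first_bytes) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {
        "content_type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
        "version": (major, minor),
        "length": length,
        "too_long": length > MAX_RECORD_LEN,
        "looks_like_http": first_bytes[:5] == b"HTTP/",
    }


def diagnose(first_bytes: bytes) -> str:
    """Classify what the listener on the TLS port actually sent."""
    hdr = read_record_header(first_bytes)
    if hdr["looks_like_http"]:
        # 'H' is read as the type, 'TT' as the version, 'P/' as length 0x502F.
        return f"plaintext HTTP on a TLS port (bogus record length {hdr['length']})"
    if hdr["content_type"] == "handshake" and hdr["version"][0] == 3 and not hdr["too_long"]:
        return "TLS handshake record"
    return "neither HTTP nor a valid TLS record"


# Constructed samples: a plaintext redirect reply and a ServerHello-sized record.
PLAINTEXT_REPLY = b"HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n\r\n"
TLS_REPLY = bytes([0x16, 0x03, 0x03, 0x00, 0x5D]) + b"\x02" * 0x5D

if __name__ == "__main__":
    for sample in (PLAINTEXT_REPLY, TLS_REPLY):
        print(diagnose(sample))
```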

Hmm, in this case of a loop, what can I do?

The redirect seems to be coming from the HTTPS virtual host here.

You need to remove it, or change it to do something else.

The file I showed is the file created by Let's Encrypt, so do I need to edit the files 000-default.conf and default-ssl.conf? Or are those files not required, since Let's Encrypt creates a file with the name of the website?

Also I tried to edit the part you showed me; the result is SSL TOO LONG or Apache2 is broken.

Looks like you have a buggy configuration.

What says

apachectl -S

Check your vHost configuration (apachectl -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost.

Read your last check - 40 minutes old - https://check-your-website.server-daten.de/?q=cloud.oursecretgarden.xyz

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://cloud.oursecretgarden.xyz/ 78.231.177.38 | 301 | http://cloud.oursecretgarden.xyz/ | 0.107 | L |
| https://cloud.oursecretgarden.xyz/ 78.231.177.38 | 301 | https://cloud.oursecretgarden.xyz | 3.947 | A |
| https://cloud.oursecretgarden.xyz | 301 | https://cloud.oursecretgarden.xyz | 3.277 | L |
| http://cloud.oursecretgarden.xyz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 78.231.177.38 | 301 | http://cloud.oursecretgarden.xyz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.110 | L |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.29 (Ubuntu) Server at cloud.oursecretgarden.xyz Port 80 | | | | |

http is redirected to http -> that's wrong, must be https as destination.

And your https redirect isn't required, but now it's a different redirect, the / at the end is missing.

With that configuration, creating a Letsencrypt certificate via http validation wouldn't work -> Loop.

Alright,

there is the answer for apachectl -s

sudo apachectl -S

[sudo] password for nextcloud:
AH00112: Warning: DocumentRoot [/var/www/cloud.oursecretgarden.xyz/public_html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:1)
                 alias www.cloud.oursecretgarden.xyz
*:443                  cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Shall I delete some files and restart properly?

Good: You don’t have duplicated combinations port / domain name.

Not so good: Your configuration may be buggy.

First: Split your /etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf in two files, so you have one config port 80 and one config port 443.

My original sites-enabled is composed of one file named 000-default.conf and another named cloud.oursecretgarden.xyz.conf.

I opened cloud.oursecretgarden.xyz.conf

 <VirtualHost *:80>
  ServerName cloud.oursecretgarden.xyz
  ServerAlias www.cloud.oursecretgarden.xyz

  Redirect permanent / https://cloud.oursecretgarden.xyz/
</VirtualHost>


<VirtualHost *:443>
  ServerName cloud.oursecretgarden.xyz
  ServerAlias www.cloud.oursecretgarden.xyz
  Protocols h2 http:/1.1

  <If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
    Redirect permanent / https://cloud.oursecretgarden.xyz/
  </If>

  DocumentRoot /var/www/cloud.oursecretgarden.xyz/public_html
  ErrorLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-error.log
  CustomLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-access.log combined

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/privkey.pem

  # Other Apache Configuration

</VirtualHost>

So you recommend that I split this file into two files?
How shall I name them?

There

is your wrong redirect. Remove these rows.

Please read the basic documentation. If you remove a starting <IF - element, you have to remove the content of that element and the ending </IF> element.

PS: Ah, the quote removes the ending element.

<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
 Redirect permanent / https://cloud.oursecretgarden.xyz/ 
</If>
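A check for the misconfiguration identified above, added here as an example and not taken from the thread or from any Let's Encrypt tool: it scans vhost text for a `Redirect` whose target is the vhost's own scheme and host, which is what produces the loop. The sample config is constructed from the file posted earlier; the function name and regexes are hypothetical, and only the `<If "%{HTTP_HOST} == '...'">` condition form is evaluated.

```python
import re
from urllib.parse import urlsplit

VHOST = re.compile(r"<VirtualHost\s+\S*?:(\d+)>(.*?)</VirtualHost>", re.S | re.I)
IF_EQ = re.compile(r'''<If\s+"%\{HTTP_HOST\}\s*==\s*'([^']+)'">(.*?)</If>''', re.S | re.I)
REDIRECT = re.compile(r"^\s*Redirect\s+(?:permanent\s+|temp\s+|\d{3}\s+)?(/\S*)\s+(\S+)",
                      re.M | re.I)
NAMES = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)


def self_redirects(conf: str) -> list:
    """Return (port, host, target) for each Redirect that sends a vhost
    back to its own scheme and host, i.e. a redirect loop."""
    findings = []
    for port, body in VHOST.findall(conf):
        tls = re.search(r"^\s*SSLEngine\s+on", body, re.M | re.I)
        scheme = "https" if tls else "http"
        names = {n for line in NAMES.findall(body) for n in line.split()}
        # A Redirect guarded by <If HTTP_HOST == 'h'> applies to host h only.
        candidates = [({h}, r) for h, blk in IF_EQ.findall(body)
                      for r in REDIRECT.findall(blk)]
        candidates += [(names, r) for r in REDIRECT.findall(IF_EQ.sub("", body))]
        for hosts, (path, target) in candidates:
            t = urlsplit(target)
            same_origin = t.scheme == scheme and t.hostname in hosts
            if same_origin and (t.path or "/").startswith(path):
                findings.append((int(port), t.hostname, target))
    return findings


# Constructed sample: the vhost pair from the thread, reduced to relevant lines.
SAMPLE_CONF = """
<VirtualHost *:80>
  ServerName cloud.oursecretgarden.xyz
  ServerAlias www.cloud.oursecretgarden.xyz
  Redirect permanent / https://cloud.oursecretgarden.xyz/
</VirtualHost>
<VirtualHost *:443>
  ServerName cloud.oursecretgarden.xyz
  ServerAlias www.cloud.oursecretgarden.xyz
  <If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
    Redirect permanent / https://cloud.oursecretgarden.xyz/
  </If>
  SSLEngine On
</VirtualHost>
"""

if __name__ == "__main__":
    print(self_redirects(SAMPLE_CONF))
```

Only the port 443 entry is reported for the sample; the port 80 redirect is left alone because it changes scheme from http to https.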

Wow, you are right;

I deleted it and it is working. I didn't write this line, I thought it came automatically with Let's Encrypt?

So if I type again the previous command you gave me,

Apachectl -S

sudo apachectl -S

AH00112: Warning: DocumentRoot [/var/www/cloud.oursecretgarden.xyz/public_html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:1)
alias www.cloud.oursecretgarden.xyz
*:443 cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

It's correct in your port 80 vHost, but not in your port 443 vHost.

That may be the problem if you have all in one file.

So, with your help we discovered that deleting:

<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
 Redirect permanent / https://cloud.oursecretgarden.xyz/ 
</If>

allows me to access the website in HTTPS.
However, regarding the result of the command:

systemctl apache2 -s

AH00112: Warning: DocumentRoot [/var/www/cloud.oursecretgarden.xyz/public_html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:1)
                 alias www.cloud.oursecretgarden.xyz
*:443                  cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

It seems the configuration is still not proper enough, isn't it?

And the result of check-your-website shows me some information that remains obscure to me.

Misconfiguration - http-status 400 - 499

Thank you for taking the time to help me understand and fix this code.

There is no content, a simple http status 404 - Not Found.

Where is your content? Or an index.html file?

That's interesting because I use this Apache server for Nextcloud, so Nextcloud is in my VM; maybe it is caused by a wrong configuration.

The nextcloud is reachable and working fine.

If you don’t want content there, the 404 is ok.

And https://cloud.oursecretgarden.xyz/nextcloud/ works.
