[SOLVED] 3081029376:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332

Hi !
I created a new certificate using certbot.
everything got well with certbot there were no errors or problems reported.
the certificates got written to live/archive like expected.

I did also not change my apache web server configuration which worked with the certificates before.

So i just created new certificates for the same few domains.

When i test my letsencrypt certificates using this command
i get the following error !

openssl s_client -connect wificom.ch:443
CONNECTED(00000005)
3081029376:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:…/ssl/record/ssl3_record.c:332:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 5 bytes and written 312 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

Somethign is bad !
I spent nearly the whole day to find out how to solve this Problem.
Something got broken without that i changed on my side anything !

I need to make multi domain certificate so i can use it for my postfix courier mail server and for the virtual hosts on the web server at the same time:

Please help me solve this strange problem !

I checked the apache server configuration but could not find anything wrong as it worked fine with letsencrypt the last months.

My domain is:
wificom.ch

I ran this command:

openssl s_client -connect wificom.ch:443

It produced this output:

3081029376:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:…/ssl/record/ssl3_record.c:332

My web server is (include version):

Server version: Apache/2.4.29 (Ubuntu)
Server built: 2019-07-16T18:14:45
Server’s Module Magic Number: 20120211:68
Server loaded: APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture: 32-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with…
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/apache2"
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD=“logs/apache_runtime_status”
-D DEFAULT_ERRORLOG=“logs/error_log”
-D AP_TYPES_CONFIG_FILE=“mime.types”
-D SERVER_CONFIG_FILE=“apache2.conf”

The operating system my web server runs on is (include version):

Linux wificom.ch 4.15.0-33-generic #36-Ubuntu SMP Wed Aug 15 13:44:35 UTC 2018 i686 i686 i686 GNU/Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.23.0

OpenSSL Version

OpenSSL 1.1.1 11 Sep 2018

Hi @LinuXperia

there is no certificate installed. Instead, your port 443 is a http - port - https://check-your-website.server-daten.de/?q=wificom.ch

So it's impossible that OpenSsl connects your domain via https.

And why has the wificom.ch the content:

http://wificom.ch:443/
80.254.182.249
	200
	
	0.097
	Q
Visible Content: wificom.ch UNDER CONTRUCTION live jasmin sex chat

Looks like you have added a new domain, then something was wrong.

And you have a lot of active certificates, 12 Letsencrypt certificates created in the last 7 days.

So check your vHost configuration:

apachectl -S

then create the required vHost. Perhaps you have working vHosts, so you have templates.

2 Likes

Hallo Juergen !

Thank you very much for your fast and helpful Reply !

I could solve the Problem finally !

Yeahhhh !!

Here is what the problem was !

when executing

apachectl -S

I saw that i had some Virtual Hosts that would listen on any Port without that SSLEngine is turned On in this Virtual Hosts and any SSL Certificates are configured for this Virtual Hosts

VirtualHost configuration:
: is a NameVirtualHost
default server handelsrausch.de (/etc/apache2/sites-enabled/handelsrausch.de:3)
port * namevhost handelsrausch.de (/etc/apache2/sites-enabled/handelsrausch.de:3)
alias www.handelsrausch.de

So i fixed this bad configured Virtual Hosts to listen only to port 80 like this and they did not show up anymore to listen to any port anymore

<VirtualHost *:80>

After this i restarted the Webserver and checked if there was still a problem and it turned out that one of the Virtual Hosts that would listen to the 443 Port had all its SSL Configuration commend out and by this turned off. Strangely apache was using exactly this Virtual Configuration as default Virtual configuration also …

VirtualHost configuration:
*:443 is a NameVirtualHost
default server cryptominepoolcluster
port 443 namevhost …
port 443 namevhost …
port 443 namevhost …

So i fixed this bad configured HTTPS Configuration that listened on Port 443 like this

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/wificom.ch/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/wificom.ch/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Restarted the Webserver after this and all the Problem disappeared finally.

So my Websites are now encrypted with LetsEncrypt and my Mail server can receive and send mails secure using the letsencrypt certificates.

Thank you very much for the Helpful Support.
You are all Amazing !

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.