Speaks only HTTP not TLS

Hi

I keep getting the error message that my server only speaks HTTP not TLS - I can reach the pages correctly on http and port 443 is forwarded to my server and not being blocked.

I tried to include my log but it said exceeded the character limit.
Any help much appreciated

Please fill out the fields below so we can help you better.

My domain is: syborgn.co.uk

I ran this command: sudo certbot --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: syborgn.co.uk
2: recipes.syborgn.co.uk
3: www.syborgn.co.uk

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for syborgn.co.uk
tls-sni-01 challenge for recipes.syborgn.co.uk
tls-sni-01 challenge for www.syborgn.co.uk
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. syborgn.co.uk (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS, recipes.syborgn.co.uk (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS, www.syborgn.co.uk (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS

My web server is (include version): apache2 2.4.25

The operating system my web server runs on is (include version): ubuntu 17.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

This error means that you have incorrectly configured the server to act like a normal (unencrypted) HTTP server, but using the default HTTPS port, port 443.

You need to tell Apache (or if the port is being “forwarded” by reverse proxy software not just a Firewall type rule, the reverse proxy) to turn on SSL / TLS for this port 443, not to just answer it as normal HTTP (which is how things would work on port 80 usually).

It’s OK to do this even though you don’t yet have the certificates to make SSL trusted in a browser - Certbot will sort that part out once the server is using SSL.
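The condition described in the reply above (port 443 answering as plain HTTP) can be checked from outside by sending a TLS ClientHello and looking at the first bytes that come back. This is an added example, not part of the original thread; the function names `client_hello`, `classify` and `probe` are illustrative.

```python
import socket
import ssl
import sys

def client_hello(server_name):
    """Return the raw bytes of a TLS ClientHello carrying server_name as SNI."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()

def classify(first_bytes):
    """Classify the first bytes a server sends in answer to a ClientHello."""
    if not first_bytes:
        return "no-response"
    if first_bytes[:5] == b"HTTP/":
        return "plain-http"  # the port answers as unencrypted HTTP
    # TLS record header: type 0x16 (handshake) or 0x15 (alert), major version 0x03
    if len(first_bytes) >= 2 and first_bytes[0] in (0x15, 0x16) and first_bytes[1] == 0x03:
        return "tls"
    return "not-tls"

def probe(host, port=443, server_name=None, timeout=5.0):
    """Send a ClientHello to host:port and classify the start of the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(server_name or host))
        try:
            while len(data) < 5:
                chunk = sock.recv(5 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # timeout or reset: classify whatever arrived
    return classify(data)

if __name__ == "__main__" and len(sys.argv) > 1:
    # usage: python probe.py your.domain.example
    print(probe(sys.argv[1]))
```

A result of `plain-http` means the listener on that port (Apache itself, or whatever forwards the port) is not doing TLS; `tls` means a TLS stack answered, whether or not the certificate is trusted.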

thanks for your reply

The configuration I have done to enable the virtual host for the subdomain and to enable the SSL module.

It won’t connect to the domain if I try and use ssl

Or just remove any existing configuration references that say to listen on port 443! (if the server doesn't already have any working HTTPS virtual hosts)

I have disabled the two ssl.conf files (default-ssl.conf & my subdomain-ssl.conf) and I still get the same message.

Hello,
I have the same issue using
certbot --apache -w /var/www/sub.example.net -d sub.example.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for sub.example.net
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. sub.example.net (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: sub.example.net
    Type: malformed
    Detail: Server only speaks HTTP, not TLS

    To fix these errors, please make sure that you did not provide any
    invalid information to the client, and try running Certbot again.

I have clear installed apache and certbot. Unfortunately, as a new user I cannot attach log files. :disappointed:

I found the solution for my case: I had 2 configs for frontend and backend, and only the frontend config was enabled, but certbot (I don't know why) defined only the backend config, which was configured on localhost. I had simply deleted the backend config, and then certbot worked perfectly.

I uninstalled Apache and started again and it worked - must have been a configuration issue somewhere
