Speedtest SSL certificate problem: self signed certificate

cCosta · November 8, 2021, 11:26pm

https
- details : Response: , Error: SSL certificate problem: self signed certificate
- tip : Connection over HTTPS failed.
- status : FAILED.

My domain is:
I can't, cuz I don't have permission for this. Sorry.

I ran this command:
openssl s_client -connect mydomain.xxx.xx

It produced this output:
140638376744064:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
140638376744064:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
140638376744064:error:02002065:system library:connect:Network is unreachable:../crypto/bio/b_sock2.c:110:
140638376744064:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:

My web server is (include version):
apache2

The operating system my web server runs on is (include version):
debian 10.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

rg305 · November 8, 2021, 11:48pm

Hi @cCosta and welcome to the LE community forum

Without a domain name, it is very difficult for anyone here to provide useful help.
The best we can do is provide generic information.
Like:

That should end with :443
As in:
echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head

This output is a bit confusing:

That you have Apache2 is not surprising.
[too many of the messes seen here seem to be with Apache misconfigurations]

Overall: I don't see how this is related to this site at all.

No indication that an LE cert is being used.

No indication that certbot is being used.
[form question left empty]
No indication that any ACME client is being used.
[form question left empty]

cCosta · November 9, 2021, 12:34am

Thanks for any help.

echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = acme-v01.api.letsencrypt.org
verify return:1
DONE
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = acme-v01.api.letsencrypt.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---

rg305 · November 9, 2021, 2:17am

That looks good.
Now try the same thing but using your FQDN.

cCosta · November 9, 2021, 8:39am

echo | openssl s_client -connect mydomain.xxx.xx:443 | head

140280264868992:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
140280264868992:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
140280264868992:error:02002065:system library:connect:Network is unreachable:../crypto/bio/b_sock2.c:110:
140280264868992:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=101

cCosta · November 9, 2021, 10:47pm

If I destroy and recreate the same VM with the same config, IP address and dns, I can certify the server again. Why?

system · December 9, 2021, 10:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.