SSL Error on page


#1

My Browser responds with a “ERR_SSL_PROTOCOL_ERROR” when I visit my website imagineclan.de
Actually it worked perfectly, but I added a subdomain and some days later this error shows up.

/etc/apache2/sites-enabled/000-default.conf
https://pastebin.com/sqA3xJ7G

/etc/apache2/ports.conf
https://pastebin.com/XESmFZ8t


#2

Hi @waayne,

Your site has a different configuration in IPv4 and IPv6. The IPv4 site is working properly, while the IPv6 site is misconfigured.


#3

Hey,

thanks for the very fast answer! What do you mean by misconfigured?


#4

I think you mean the IPv4 site is not working!

https://letsdebug.net/imagineclan.de/1180?debug=y


#5

Okay thats good to know. But what do I need to do now exactly?


#6

Confirm that the IPv4 address of the domain actually matches the server’s IPv4 address.

I think this is the most likely explanation, since the IPv4 and IPv6 addresses are owned by entirely different networks (ZapHosting and OneAndOne, respectively).

Otherwise …

Check that your Apache configuration is binding to both IPv4 and IPv6 addresses, because from the outside, it looks like its only setup to bind to IPv6 addresses or maybe IPv4 is only bound to a local address (like 127.0.0.1).

https://httpd.apache.org/docs/2.4/bind.html


#7

The domain (registered at 1&1) has an A Record to the IPv4 address of my vServer from ZapHosting.

Also in the config it says “Listen 80”, which means it should listen to all IPs afaik.


#8

It looks like you fixed something in the last 10 minutes and now the site is responding on IPv4.

What about your AAAA/IPv6 address? It’s pointing to 1&1. If that’s wrong, you need to remove it.

After you’ve done that, you should be able to issue a certificate.


#9

Well yeah, I deleted my subdomain “net.imagineclan.de” which points to my friend’s vServer and rebooted my Server.


#10

Okay, deleted the IPv6, now there is no error on the site you linked, but I still got the SSL error.


#11

I see it working fine in IPv4 (and always did—I only got the error in IPv6).

What browser are you using? Do you have access to another browser for comparison?


#12

I tried it with Microsoft Edge. http works fine, but on accessing https there is an error, which reads the site would be unsafe.


#13

You don’t see the site redirecting you from HTTP to HTTPS? Is it possible that you have a hosts entry or something that’s showing a different version of the site than the general public sees?


#14

No, it isn’t redirecting me. I don’t know, any way to check this?

EDIT: So this means you can access the website?


#15

Yes, I’ve been able to access it in IPv4 continually since you first posted here. I have no problems. I also see the HTTP version of the site redirecting me to HTTPS. That makes me think that you and I must not be seeing the same version of the site somehow.


#16

Okay that’s strange. Friend of mine can access the website, too… But I still can’t…


#17

What IP address does your computer say the site is located at?


#18

I see the page - correct with Edge and LE-Certificate.

http is redirected to https


#19

IPv6 HTTPS is broken: https://www.ssllabs.com/ssltest/analyze.html?d=imagineclan.de&hideResults=on&latest


#20

My computer connects to the IPv6, which actually isn’t linked anymore.

Ping wird ausgeführt für imagineclan.de [2001:8d8:100f:f000::27c] mit 32 Bytes Daten:
Antwort von 2001:8d8:100f:f000::27c: Zeit=50ms
Antwort von 2001:8d8:100f:f000::27c: Zeit=14ms
Antwort von 2001:8d8:100f:f000::27c: Zeit=15ms
Antwort von 2001:8d8:100f:f000::27c: Zeit=16ms

Ping-Statistik für 2001:8d8:100f:f000::27c:
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 14ms, Maximum = 50ms, Mittelwert = 23ms