SSL_ERROR_RX_RECORD_TOO_LONG after VM migration

Hello,

I have a strange issue whereby I am running certbot on a VM which is working fine, no issues.

I tried to migrate the VM onto another (physical) host as part of a server migration piece of work and when I restarted the VM on the new host, I was getting SSL_ERROR_RX_RECORD_TOO_LONG. Going back to the old host, all works OK, which is confusing as the new host has an exact replicated version of the VM, so they should be (within 5 minutes) identical VM’s…

The VM’s were migrated via the Hyper-V replication method. Interestingly I had two nearly identical VM’s and one worked, the other one didn’t and gave the above error.

I am currently using certbot 0.10.2 on the server that is not working after the migration. The VM that migrated without issue is running certbot 0.25.0

Is there anything in 0.10.2 that could cause this? The only thing that should have changed is the MAC address of the VM as it moved to a new physical host.

Has anyone experienced this or any ideas what I can do to resolve?

Thanks.

Hi @omega1

that means: Your https port 443 sends plain http. That may be

  • a wrong webserver configuration (and / or)
  • a wrong port forwarding port 443 extern -> port 80 intern

There is a helpful template:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


PS: 0.25 and 0.10 are very old. Perhaps update your certbot.

1 Like

Hi @JuergenAuer, thanks for your reply. No issues supplying the data, but I’m not sure that will help as I have stopped the migrated VM and reverted back to the original one and it works. Considering the VM ‘should’ be the same as the original one in every single way (except the MAC address), config files are surely not relevant as the VM migration doesn’t touch the file structure or content in any way.

Things like the Virtual Host file, Apache config file, etc, are identical so cannot be the cause of the issue.

The only thing I can think of is that the certificate is somehow tied to the MAC address, or that I did not give the browser enough time to realise that something changed (but what?), but I fail to see what as a nearly identical VM was migrated without this issue with the only difference being the certbot version.

I guess my question is, is the certificate somehow tied to the MAC address in any way? The hostname, IP address, everything is the same on the migrated VM on the new physical host.

Thanks.

A certificate has nothing to do with a MAC address (or ip address, server OS, webserver software). Only the domain name is relevant.

Thanks for the confirmation on that.

Well the domain certainly didn’t change so I’m stuck on this one. As the other migration worked fine, I’ll request a longer outage window and see if I was just being impatient, and also will try and gather more info on browser behavior immediately after the change. Try clearing caches, browsing from different networks/devices, etc…

Thank you.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.