SSL_ERROR_RX_RECORD_TOO_LONG nginx

My domain is: haristocrate.fr
My web server is : nginx 1.18.0
The operating system my web server runs on is : ubuntu 20.04 Server
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine : yes
The version of my client is: certbot 1.11.0

Hello, I tried to run a server but the browsers give me an error.
firefox: SSL_ERROR_RX_RECORD_TOO_LONG
chrome / edge (yes I did): ERR_SSL_PROTOCOL_ERROR
I have browsed the net but without success.
Here is the config file of my nginx:

```nginx
server {
    listen 80;
    server_name haristocrate.fr www.haristocrate.fr;

    location / {
        return 301 https://haristocrate.fr$request_uri;
    }
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# redirect https://www.$url to https://$url
server {
    listen 443 default_server ssl;
    server_name www.haristocrate.fr;

    # SSL protocol
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/haristocrate.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/haristocrate.fr/privkey.pem;

    # redirect to the version without www
    location / {
        return 301 https://haristocrate.fr$request_uri;
    }
}

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# the final block
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name haristocrate.fr;

    root /var/www/haristocrate/test;
    index index.html;

    error_log /var/log/nginx/haristocrate.fr.log notice;
    access_log off;

    # Locations
    # deny all files starting with a dot
    location ~ /\. { deny all; }

    # SSL
    #ssl on;
    ssl_certificate /etc/letsencrypt/live/haristocrate.fr/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/haristocrate.fr/privkey.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    #ssl_trusted_certificate /etc/letsencrypt/live/haristocrate.fr/fullchain.pem;

    # session tickets
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_session_cache shared:SSL:100m;
    ssl_session_ticket_key /etc/nginx/ssl/ticket.key;
    ssl_dhparam /etc/nginx/ssl/dhparam4.pem;

    # ECDH curve
    ssl_ecdh_curve secp384r1;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
```

I would like to clarify that before, the server was running on Apache and on another machine, and the certificate worked very well.
Now I would like to switch to Nginx and to another machine (the other is dead), so I generated another certificate. Can this be a problem?
The new server has a different local address from the old one but the same public address.

Can someone help me please?

1 Like

Hi @rudra.raw

That error says: your port 443 is an http port, not an https port.

There you see it:

```
D:\temp>download http://haristocrate.fr:443/ -h
Connection: keep-alive
Content-Length: 178
Content-Type: text/html
Date: Fri, 22 Jan 2021 10:33:12 GMT
Location: https://haristocrate.fr/
Server: nginx/1.18.0 (Ubuntu)

Status: 301 MovedPermanently
```

http + port 443 sends a correct http answer; it should be an error message.

So your configuration is buggy or you have a wrong port forwarding: port 443 external -> port 80 internal. What does this say:

nginx -T

2 Likes
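
The check in the reply above, as an added example that is not part of the original thread: it sends a real TLS ClientHello to a port and reads the first bytes of the answer the way a TLS client would, which shows why a plaintext HTTP reply produces a "record too long" error. The function names are hypothetical, and the sample byte strings in the usage are constructed.

```python
import socket
import ssl

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_CONTENT_TYPES = {20, 21, 22, 23}   # change_cipher_spec, alert, handshake, application_data
MAX_RECORD_LEN = 2**14 + 2048          # largest TLS 1.2 ciphertext record (RFC 5246)

def classify_first_bytes(data: bytes):
    """Read the first bytes of a server reply as a TLS record header.

    Returns (kind, length), where length is the 16-bit record length
    a TLS client would extract from bytes 3..4.
    """
    if len(data) < 5:
        return ("no-answer", 0)
    ctype, major = data[0], data[1]
    length = int.from_bytes(data[3:5], "big")
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        return ("tls", length)
    # An HTTP status line or a bare HTML error page means a plaintext listener.
    if data.startswith(b"HTTP/") or data.lstrip()[:1] == b"<":
        return ("plaintext-http", length)
    return ("not-tls", length)

def client_hello(server_name: str) -> bytes:
    """Build a ClientHello in memory with the ssl module (no network I/O)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.create_default_context()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()

def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Send a ClientHello to host:port and classify the first bytes returned."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            return classify_first_bytes(sock.recv(64))
        except OSError:  # timeout or reset before any answer
            return ("no-answer", 0)

if __name__ == "__main__":
    # Constructed sample: the letters "P/" of "HTTP/" are read as the record length.
    print(classify_first_bytes(b"HTTP/1.1 301 Moved Permanently\r\n"))
```

A result of `("plaintext-http", 20527)` from `probe()` on port 443 means the connection is reaching a non-TLS listener, either through the server configuration or through a port-forwarding rule in front of it.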

Now your https + non-www

https://haristocrate.fr/

works :+1:

2 Likes

Hello JuergenAuer, thank you very much for your prompt feedback, which is also the solution to my problem.
In fact I had to use a rule on my router by listing the ports separated by a comma.
The router must have thought that the two ports are the same.
I made two separate rules and it works.

Thank you once again.

3 Likes
