Ssl_error_rx_record_too_long

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jhost.pw

I ran this command:

It produced this output: SSL_ERROR_RX_RECORD_TOO_LONG

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): CentOS 7.6

My hosting provider, if applicable, is: my

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): v0.31.0

Hi,

For a few days (2 or 3 days), with Firefox I have had the following error message, SSL_ERROR_RX_RECORD_TOO_LONG,
which appears on the URL (https://nextcloud.jhost.pw) of my website, which is behind a reverse proxy.
Do you have any idea what might cause this anomaly and how I can correct it?
I also see a difference in size between the original certificate and the renewed certificate. Is that normal?
Thank you for your answer.

-rw-r--r--. 1 root root 1915 30 nov. 15:38 cert1.pem
-rw-r--r--. 1 root root 1923 15 févr. 10:31 cert2.pem
-rw-r--r--. 1 root root 1647 30 nov. 15:38 chain1.pem
-rw-r--r--. 1 root root 1647 15 févr. 10:31 chain2.pem
-rw-r--r--. 1 root root 3562 30 nov. 15:38 fullchain1.pem
-rw-r--r--. 1 root root 3570 15 févr. 10:31 fullchain2.pem
-rw-r--r--. 1 root root 1704 30 nov. 15:38 privkey1.pem
-rw-r--r--. 1 root root 1704 15 févr. 10:31 privkey2.pem

The problem is that the server is serving an insecure (HTTP) virtualhost on port 443.

i.e.

$ curl -X GET -I http://jhost.pw:443
HTTP/1.1 301 Moved Permanently
Date: Sat, 09 Mar 2019 08:28:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips

You need to go through each of your Apache <VirtualHost *:443> blocks and ensure that every single one has an SSL certificate defined and enabled. (Or on your reverse proxy, if there's one in front of Apache).

Otherwise, misconfiguration can cause all of your HTTPS virtualhosts to stop functioning.

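One way to carry out the check described in the answer above, as an added example that is not part of the original thread: a small Python audit that flags any `<VirtualHost ...:443>` block lacking `SSLEngine on` or an `SSLCertificateFile`. The function names, hostnames and file paths are constructed for illustration, and the script assumes the directives sit inside each block (it does not follow `Include` files or settings inherited from the server-level config).

```python
import re

# Constructed sample config (hypothetical hostnames and paths), not the poster's real files.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName cloud.example.test
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/cloud-fullchain.pem
    SSLCertificateKeyFile /etc/pki/tls/private/cloud-privkey.pem
</VirtualHost>

# Plain-HTTP vhost bound to 443: the kind of block the answer says to look for.
<VirtualHost *:443>
    ServerName www.example.test
    Redirect permanent / http://cloud.example.test/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directives(body):
    """Map lower-cased directive name -> argument string, skipping comments and nested sections."""
    found = {}
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit_443_vhosts(conf_text):
    """Return (ServerName, [problems]) for each port-443 vhost without TLS enabled."""
    findings = []
    for addrs, body in VHOST_RE.findall(conf_text):
        if not any(a.rsplit(":", 1)[-1] == "443" for a in addrs.split()):
            continue  # only vhosts bound to port 443 matter here
        d = directives(body)
        problems = []
        if d.get("sslengine", "").lower() != "on":
            problems.append("SSLEngine is not on")
        if "sslcertificatefile" not in d:
            problems.append("no SSLCertificateFile")
        if problems:
            findings.append((d.get("servername", "<no ServerName>"), problems))
    return findings

if __name__ == "__main__":
    for name, problems in audit_443_vhosts(SAMPLE_CONF):
        print(f"{name}: {', '.join(problems)}")
```

To audit a real server, pass the concatenated text of the Apache configuration files to `audit_443_vhosts` instead of `SAMPLE_CONF`.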

Hi @pbr18

Your main domain jhost.pw has the same problem. There http://jhost.pw:443/ is redirected to http://aqc.jhost.pw, which goes to the (working) https version.

But http://jhost.pw/ answers with an HTTP status 200, so it isn't the problem that your proxy sends http traffic to the same port.

Hello,
Thank you for your answers.
My problem was related to the organization of my virtualhosts.
Thank you again.
