Okay, but when I'm adding a certificate, the certificate is RSA. For example, there are some commands in my init-letsencrypt.sh to create a cert. As far as I know there is no command in my files which includes ECDSA, or is that the default type of a Let's Encrypt cert?
What are the commands to add an RSA cert into my webserver?
Uch, that script is terribly written. It often deletes perfectly fine certificates.
I believe the aforementioned terrible script uses Certbot as the ACME client and since Certbot 2.0.0 it defaults to ECDSA certs.
Assuming you're indeed using Certbot as the ACME client, please see User Guide — Certbot 2.6.0 documentation
I'm indeed using certbot so if certbot certs are ECDSA by default, it makes sense.
I will try to add an RSA cert using the guide you sent.
Due to further research, I found the SSL config file in the B&R PLC application. In this file the supported cipher suites are shown. These cipher suites differ from the cipher suites in the options-ssl-nginx.conf file. The cipher suites in the B&R are older types.
To fix this, is it as simple as changing the options-ssl-nginx.conf file by adding the older cipher suites and restarting the server? Or how can I fix this?
The next question is how can I fix this by changing the init-letsencrypt.sh file so it is added to my GitLab version control?
When I try to execute a renew command in certbot to create a new certificate, I receive the following error:
Processing /etc/letsencrypt/renewal/testclms.perfotec.com.conf
Renewal configuration file /etc/letsencrypt/renewal/testclms.perfotec.com.conf is broken.
The error was: expected /etc/letsencrypt/live/testclms.perfotec.com/cert.pem to be a symlink
Skipping.
No renewals were attempted.
Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/testclms.perfotec.com.conf (parsefail)
0 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
The log file does not exist.
I think this is because of the actions in the init-letsencrypt.sh file.
Is anyone able to help me out?
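A diagnostic for the "expected ... to be a symlink" error above, as an added example that is not part of any post in this thread: Certbot keeps each file under live/<name>/ as a symlink into archive/<name>/, and this script reports any that are not. The function names and the `example.test` sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reports files in a Certbot lineage
# directory that are not symlinks into the matching archive directory.

# check_lineage LIVE_DIR: one status line per file; returns 1 on any problem.
check_lineage() {
    cl_dir=$1
    cl_bad=0
    for cl_f in cert.pem chain.pem fullchain.pem privkey.pem; do
        cl_path="$cl_dir/$cl_f"
        if [ -L "$cl_path" ]; then
            cl_target=$(readlink "$cl_path")
            if [ ! -e "$cl_path" ]; then
                echo "DANGLING     $cl_path -> $cl_target"; cl_bad=1
            else
                case "$cl_target" in
                    */archive/*) echo "OK           $cl_path -> $cl_target" ;;
                    *) echo "UNEXPECTED   $cl_path -> $cl_target"; cl_bad=1 ;;
                esac
            fi
        elif [ -e "$cl_path" ]; then
            echo "NOT-SYMLINK  $cl_path"; cl_bad=1
        else
            echo "MISSING      $cl_path"; cl_bad=1
        fi
    done
    return "$cl_bad"
}

# make_sample_tree ROOT NAME: constructed layout mimicking /etc/letsencrypt.
make_sample_tree() {
    mkdir -p "$1/archive/$2" "$1/live/$2"
    for ms_f in cert chain fullchain privkey; do
        : > "$1/archive/$2/${ms_f}1.pem"
        ln -s "../../archive/$2/${ms_f}1.pem" "$1/live/$2/$ms_f.pem"
    done
}

# Demo on a throwaway tree: a healthy lineage, then cert.pem replaced by a
# regular file, the condition behind "expected ... to be a symlink".
demo() {
    d_root=$(mktemp -d)
    make_sample_tree "$d_root" example.test
    check_lineage "$d_root/live/example.test"
    rm "$d_root/live/example.test/cert.pem"
    cp "$d_root/archive/example.test/cert1.pem" "$d_root/live/example.test/cert.pem"
    check_lineage "$d_root/live/example.test" || echo "lineage is broken"
    rm -rf "$d_root"
}
demo
```

On a real host the call would be `check_lineage /etc/letsencrypt/live/<cert-name>`, run with enough privileges to read that directory.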