SSLForFree's and Certbot's SSL certs dont work in firefox websocket connection

My domain is:
https://dungeone.tk
My web server is (include version):
Apache 2.4.41 Hosted in WAMP
The operating system my web server runs on is (include version):
Windows 10
.

Issue:
SSL in websocket connection doesnt work in Firefox (works in chrome and edge).
When happens:
Player loads my game at https://dungeone.tk and he should then be connected immediately to the game server via SSL websockets but it fails on Firefox.
Errors:
FF console: Firefox can’t establish a connection to the server at wss://dungeone.tk:7780/.
My (game) server: https://hatebin.com/nlsmjozsqg
Someone else who tried it in FF: SSL_ERROR_UNSUPPORTED_VERSION
.

WAMP directives:
SSLCertificateFile “C:/Users/charl/OneDrive/Desktop/TK SSL LETS ENCRYPT/certificate.crt”
SSLCertificateKeyFile “C:/Users/charl/OneDrive/Desktop/TK SSL LETS ENCRYPT/private.key”
SSLEngine on
SSLCACertificateFile “C:/Users/charl/OneDrive/Desktop/TK SSL LETS ENCRYPT/ca_bundle.crt”
.

I tried online generators and Certbot following their guide but i always get same result. What should I do?

zerossl no longer uses Let’s encrypt for certificate : but I don’t think you are using any certificate setted port 7780

could you elaborate? what am supposed to do with that port?

what’s your websocket server?

what’s your websocket server?

I host my game in Unity’s Mirror (based on UNet) on same IP and machine as the website dungeone.tk

Hi @dugudugu

that’s good. See your check result - https://check-your-website.server-daten.de/?q=dungeone.tk%3A7780

There is only Tls.1.0 active. That’s deprecated, FF blocks that. Chrome will follow.

Enable Tls.1.2 and disable Tls.1.0.

2 Likes

Enable Tls.1.2 and disable Tls.1.0.

I changed my WAMP configuration and retested and indeed now it shows 1.2 and 1.3 working but the issue remains.

I don’t think your wamp controls port 7780. where’s the mirror’s setting?
can you upload apache config for that?

1 Like

There are tests of the main domain.

Not of that special port. Check that port.

2 Likes

There are tests of the main domain.
Not of that special port. Check that port.

indeed theres no tls.1.2 ,tls1.3 and http/2 (which i just enabled) on dungeone.tk:7780

the site is hosted on port 443 (at least the ssl version) but the 7780 is the websocket port of my game.

Am not really good at WAMP and apache stuff - should it try to add 7780 to WAMP?

the general advice about websocket ssl in Unity was to upload .PFX file in main unity folder and then specify port and add credentials. PFX I generated from SSL. and by the way, websockets worked without SSL.

EDIT
indeed after enabling firefox tls 1.0 support in firefox the game worked

I also installed TLS1.2 in windows 10 but it didnt make a change
Seems its my game server that doesnt support TLS 1.2 but i cant do anything about that

if there was a way to show HTTPS in URL Bar and be able to make HTTP connection to websockets that would fix all issues

Looks like you use a too old package with too old libraries.

Chrome will remove the Tls.1.0 support too. And http downloads will be blocked with one of the next Chrome.

PS:

No, http and Tls.1.0/1.1 is deprecated. Game over.

2 Likes

If it’s just HTTPS / Websockets maybe a reverse proxy could be used to support newer version of TLS?

1 Like

If it’s just HTTPS / Websockets maybe a reverse proxy could be used to support newer version of TLS?

indeed i remember reading such advice in internet, do you know how to set it up, @ski192man ?

I hope Let’s Encrypt or someone will provide an official suggestion sometime, but you might want to search for “nginx reverse proxy”, “nginx terminate tls”, or “caddy reverse proxy”. I’m sure there are some pretty decent articles about this topic.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.