Suddenly SSL_ERROR_RX_RECORD_TOO_LONG?

Hi!

I have a site on Digital Ocean that has been working for months. Suddenly we run into this:
SSL_ERROR_RX_RECORD_TOO_LONG in Firefox
ERR_SSL_PROTOCOL_ERROR in Chrome

This is very critical for us, it is a live production server.


My domain is: eclife.se

I ran this command: apache2ctl -S

It produced this output:
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:443 eclife.se (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

My web server is (include version): Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-50-generic x86_64)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @jskarp

Your www version works, your non-www version does not ( https://check-your-website.server-daten.de/?q=eclife.se ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://eclife.se/ 68.183.64.205 | 301 | https://eclife.se/ | 0.044 | A |
| http://www.eclife.se/ 68.183.64.205 | 301 | https://www.eclife.se/ | 0.037 | A |
| https://eclife.se/ 68.183.64.205 | -10 | | 0.127 | P |
| SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel. | | | | |
| https://www.eclife.se/ 68.183.64.205 | 200 | | 1.207 | B |

But I don't see the SSL_ERROR_RX_RECORD_TOO_LONG error. That happens if a server sends http over an https port.

But when trying to check your non-www version manually, there is a bigger problem.

Google Safe Browsing warns:

Deceptive website blocked

Firefox blocked this page because it might try to trick you into installing software or revealing personal information such as passwords or credit card information.

Chrome says "Phishing". Perhaps your website was hacked and a subdirectory contains a phishing page.
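
Why plain HTTP on an HTTPS port produces SSL_ERROR_RX_RECORD_TOO_LONG, as an added example that is not part of the original reply: the client reads the first five bytes of the answer as a TLS record header, and for `HTTP/` the length field decodes to 20527, above the 2^14 + 2048 record limit. The function name and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Largest record length a client accepts: 2^14 + 2048 (RFC 5246, TLSCiphertext).
MAX_RECORD_LEN = 2**14 + 2048


def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes the way a TLS client reads a record header."""
    if len(data) < 5:
        return {"verdict": "too_short"}
    # Header layout: type (1 byte), version major/minor (2 bytes), length (2 bytes).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    result = {
        "content_type": CONTENT_TYPES.get(ctype, f"invalid(0x{ctype:02x})"),
        "version": (major, minor),
        "claimed_length": length,
        "too_long": length > MAX_RECORD_LEN,
    }
    if ctype in CONTENT_TYPES and major == 3 and not result["too_long"]:
        result["verdict"] = "tls"
    elif data.startswith(b"HTTP/"):
        # 'H' is read as the type, 'TT' as the version, 'P/' as the length.
        result["verdict"] = "plaintext_http"
    else:
        result["verdict"] = "unknown"
    return result


# Constructed samples, not captured from the site in this thread.
SAMPLES = {
    "plain HTTP reply on 443": b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n",
    "TLS alert (handshake_failure)": b"\x15\x03\x03\x00\x02\x02\x28",
    "TLS handshake record header": b"\x16\x03\x03\x00\x5a",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_first_bytes(raw)}")
```
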

Thank you for your fast reply - very much appreciated.

I have restored a three-week-old backup from Digital Ocean and sent a request to Google Index via Webmaster Tools.

During the time for their reply, is there anything I can do to check the configuration on the server regarding “The request was aborted: Could not create SSL/TLS secure channel.” for the SSL site?

Your https + www works, your non-www does not. So there are different vHosts used, that's not good.

Check your vHost config with

apachectl -S

and add a ServerAlias to your working vHost.

How do I do that? Never done that before, unfortunately.

apachectl -S

gives

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  eclife.se (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
