Transient SSL Hanshake Errors


My domain is:

I ran this command: wget

It produced this output:

Resolving (…
Connecting to (||:443… connected.
OpenSSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
OpenSSL: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature
Unable to establish SSL connection.

My operating system is (include version): Ubuntu 14.04

My web server is (include version): Apache 2.4.7

My hosting provider, if applicable, is: CANARIE Dair

I can login to a root shell on my machine (yes or no, or I don’t know): no, but do have sudo priviledges

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.

Hello, first off I would like to say that I am new to let's encrypt as well as with dealing with SSL in general so I apologize if I am making some silly mistakes, but here is the situation.

I have recently begun managing the cloud set up at work which has just migrated to a new service and ever since the migration we have begun experiencing some odd SSL errors. We have used certbot-auto with the apache option to generate the certificates and as far as I can tell from the logs the certificates were generated successfully; however, when trying to reach the api hosted there we will sometimes receive SSL handshake errors the message from which can be seen above. Then simply by trying again without changing anything, it seems to work. Another odd attribute of the problem is that it is solved by simply restarting Apache - at least for a day or so at which point it tends to flare up again. Since any changes to the Apache configuration require a restart, it has been very difficult to get information on the error.

Unfortunately, I do not have the most information on the new hosting provider, they are called CANARIE Dair and are part of a program put on by the Canadian government to provide hosting services to small businesses, but I have sent an email to their support to see if there are special SSL considerations and am waiting to hear back.

If anyone has seen anything like this or has any ideas it will be greatly appreciated. Thank you.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.