Unable to establish SSL connection: wrong version number

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gencyberbook.com

I ran this command: wget -v gencyberbook.com

It produced this output:

--2021-07-11 18:09:17-- http://gencyberbook.com/
Resolving gencyberbook.com (gencyberbook.com)... 3.101.9.7
Connecting to gencyberbook.com (gencyberbook.com)|3.101.9.7|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://gencyberbook.com/ [following]
--2021-07-11 18:09:17-- https://gencyberbook.com/
Connecting to gencyberbook.com (gencyberbook.com)|3.101.9.7|:443... connected.
OpenSSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Unable to establish SSL connection.

My web server is (include version): Apache/2.4.41

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

Hi, I made a previous post on troubleshooting certbot and was pleasantly surprised with the results. However, I am running into another problem with connecting to the website itself. The website is returning an ERR_SSL_PROTOCOL_ERROR every time I try on Chrome, and is also returning the error mentioned above when running curl or wget. I have tried checking SSL Labs and https://check-your-website.server-daten.de/?q=gencyberbook.com to find more details about the error, but I am not too sure where to look.
Does anyone know what to do with this error? Please help!

Your site is answering with HTTP on port 443, which is bad. It should talk HTTPS on port 443 and HTTP on port 80. This is due to a misconfiguration in your Apache configuration.

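The diagnosis above, worked through as an added example (not part of the original posts): when a server answers plaintext HTTP on port 443, the TLS client reads the first five bytes of that reply as a TLS record header, and the version field fails the check that `wrong version number` reports. The reply bytes are constructed samples and the function names are hypothetical.

```python
import struct

# TLS record-layer content types (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def parse_record_header(data: bytes) -> dict:
    """Interpret the first 5 bytes as a TLS record header, as a TLS client would."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "major": major, "minor": minor, "length": length}

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sent back after a TLS ClientHello."""
    if data.startswith(b"HTTP/"):
        return "plaintext-http"  # the port is not speaking TLS at all
    if len(data) >= 5:
        hdr = parse_record_header(data)
        if hdr["type"] in TLS_CONTENT_TYPES and hdr["major"] == 3:
            return "tls"
    return "unknown"

def explain(data: bytes) -> str:
    """Describe what a TLS client makes of the reply."""
    kind = classify_reply(data)
    if kind == "unknown":
        return "neither a TLS record nor an HTTP status line"
    hdr = parse_record_header(data)
    if kind == "tls":
        return (f"TLS record: {TLS_CONTENT_TYPES[hdr['type']]}, "
                f"version {hdr['major']}.{hdr['minor']}")
    # 'H','T','T','P','/' read as type=0x48, version=0x54.0x54, length=0x502f
    return (f"plaintext HTTP; read as a TLS record this is version "
            f"{hdr['major']}.{hdr['minor']} (major must be 3), "
            f"hence 'wrong version number'")

# Constructed samples: an HTTP error reply sent in the clear, and the start
# of a TLS 1.2 handshake record (ServerHello) as a correctly configured
# port 443 would send it.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n"
TLS_REPLY = b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56\x03\x03"

if __name__ == "__main__":
    for sample in (PLAINTEXT_REPLY, TLS_REPLY):
        print(explain(sample))
```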

@Osiris Thank you for reading my issue! I checked my VirtualHosts and they seem to point in the right direction? The port 80 VirtualHost has a redirect to port 443 VirtualHost. Here are both my VirtualHost files:

/etc/apache2/sites-enabled/ossn.conf

<VirtualHost *:80>
ServerAdmin nathan@GenCyberbook.com
DocumentRoot /var/www/html/ossn
ServerName gencyberbook.com
ServerAlias www.gencyberbook.com

<Directory /var/www/html/ossn/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/ossn_error.log
CustomLog ${APACHE_LOG_DIR}/ossn_access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =gencyberbook.com [OR]
RewriteCond %{SERVER_NAME} =www.gencyberbook.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

and /etc/apache2/sites-enabled/ossn-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin nathan@GenCyberbook.com
DocumentRoot /var/www/html/ossn
ServerName gencyberbook.com
ServerAlias www.gencyberbook.com

<Directory /var/www/html/ossn/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/ossn_error.log
CustomLog ${APACHE_LOG_DIR}/ossn_access.log combined

SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/gencyberbook.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gencyberbook.com/privkey.pem
</VirtualHost>
</IfModule>

Could you perhaps paste the output of sudo apachectl -S?

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server gencyberbook.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost gencyberbook.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn-le-ssl.conf:2)
                 alias www.gencyberbook.com
*:80                   is a NameVirtualHost
         default server dummyname.com (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost dummyname.com (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn.conf:1)
                 alias www.gencyberbook.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

As you can see, default-ssl.conf also has a port 443 virtualhost for gencyberbook.com enabled. Might be the source of the issue.

That said, that doesn't explain why this issue also exists for www.gencyberbook.com, which is not enabled in the port 443 virtualhost in default-ssl.conf?

Anyway, you seem to have disabled the default virtualhost in 000-default.conf by changing the ServerName to "dummyname.com". I would recommend not using names like that which might exist, but choosing something like "localhost" or "example.com". And try that for default-ssl.conf too.
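The overlap spotted in the `apachectl -S` output can also be checked mechanically. The following is an added example, not part of the original posts: it parses the vhost dump quoted above and reports any name claimed by more than one file on the same port (Apache serves the first one listed) together with the default server per port. The function names are hypothetical.

```python
import re
from collections import defaultdict

LISTEN_RE = re.compile(r"^(\S+):(\d+)\s+is a NameVirtualHost")
DEFAULT_RE = re.compile(r"^\s+default server (\S+) \((.+):\d+\)$")
VHOST_RE = re.compile(r"^\s+port (\d+) namevhost (\S+) \((.+):\d+\)$")

def parse_vhosts(text):
    """Return (defaults, claims) from the vhost section of `apachectl -S`.

    defaults: {port: (servername, config file)}
    claims:   {(port, servername): [config files, in Apache's order]}
    """
    defaults, claims = {}, defaultdict(list)
    port = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := LISTEN_RE.match(line):
            port = int(m.group(2))          # e.g. "*:443 is a NameVirtualHost"
        elif (m := DEFAULT_RE.match(line)) and port is not None:
            defaults[port] = (m.group(1), m.group(2))
        elif m := VHOST_RE.match(line):
            key = (int(m.group(1)), m.group(2).lower())
            claims[key].append(m.group(3))
    return defaults, dict(claims)

def duplicate_claims(text):
    """Names that more than one vhost claims on the same port."""
    _, claims = parse_vhosts(text)
    return {key: files for key, files in claims.items() if len(files) > 1}

# Vhost section of the first `apachectl -S` output posted in this thread.
APACHECTL_OUTPUT = """\
*:443                  is a NameVirtualHost
         default server gencyberbook.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost gencyberbook.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn-le-ssl.conf:2)
                 alias www.gencyberbook.com
*:80                   is a NameVirtualHost
         default server dummyname.com (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost dummyname.com (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn.conf:1)
                 alias www.gencyberbook.com
"""

if __name__ == "__main__":
    defaults, _ = parse_vhosts(APACHECTL_OUTPUT)
    for port, (name, path) in sorted(defaults.items()):
        print(f"port {port}: default server {name} ({path})")
    for (port, name), files in duplicate_claims(APACHECTL_OUTPUT).items():
        print(f"port {port}: {name} claimed by {', '.join(files)}")
```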

Changed ServerName to localhost in 000-default.conf. Also checked default-ssl.conf, but it had no "ServerName" anywhere. Still not working so far. apachectl -S does not show any difference either, besides the localhost.

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server gencyberbook.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost gencyberbook.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn-le-ssl.conf:2)
                 alias www.gencyberbook.com
*:80                   is a NameVirtualHost
         default server localhost (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost localhost (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn.conf:1)
                 alias www.gencyberbook.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Without a ServerName, Apache will use the actual hostname of the server. Please add a ServerName directive (such as localhost or example.com too) and try again.

No luck. Added ServerName localhost into it.
Here's apachectl -S again

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server localhost (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost localhost (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn-le-ssl.conf:2)
                 alias www.gencyberbook.com
*:80                   is a NameVirtualHost
         default server localhost (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost localhost (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost gencyberbook.com (/etc/apache2/sites-enabled/ossn.conf:1)
                 alias www.gencyberbook.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Please check the port forwarding.
I suspect that:

80 > 80 [this is good]
443 > 80 [this is bad]

Make sure external 443 goes to internal 443.

See:
wget -v http://gencyberbook.com:443/
curl -v http://gencyberbook.com:443/


Funny enough, it does return a broken website and makes a valid connection (somewhat)

ubuntu@gencyberbook:~$ wget -v http://gencyberbook.com:443/
--2021-07-12 15:38:13--  http://gencyberbook.com:443/
Resolving gencyberbook.com (gencyberbook.com)... 3.101.9.7
Connecting to gencyberbook.com (gencyberbook.com)|3.101.9.7|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html              [ <=>                ]   8.47K  --.-KB/s    in 0s      

2021-07-12 15:38:13 (55.4 MB/s) - ‘index.html’ saved [8672]
ubuntu@gencyberbook:~$ curl -v http://gencyberbook.com:443/
*   Trying 3.101.9.7:443...
* TCP_NODELAY set
* Connected to gencyberbook.com (3.101.9.7) port 443 (#0)
> GET / HTTP/1.1
> Host: gencyberbook.com:443
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Mon, 12 Jul 2021 15:38:29 GMT
< Server: Apache/2.4.41 (Ubuntu)
< Set-Cookie: PHPSESSID=1s1vtua6do15aoc2qq40k5bcje; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8
< 
* Connection #0 to host gencyberbook.com left intact

I don't know how I would be able to change the port forwarding as I am quite new to all this. Is there a way to manually change it on my machine? Thank you @Osiris and @rg305 for helping me out!


Port forwarding is mostly done on the (NAT) router of a home internet service. Not sure how that's applicable for AWS EC2. Perhaps this helps:


Thank you both for the help, but I have found the overall problem with my configuration. I did not know that I had to set up the default-ssl.conf and the 000-default.conf as well, adding a DocumentRoot to them. The site and SSL work perfectly fine now! Again, thank you for taking the time to help me out!


I thought we had disabled those by using localhost as the ServerName? Weird!

I think it's because my website setup does use the default configs for the index page. I have not entirely set up the OSSN part as the default page for the website, hence breaking each time the virtualhost was disabled. This is my first time making a website backend-wise and I can already tell there are some improvements I can make. Thank you again for the help and have a good one!
