I have been using LetsEncrypt certificates for some time, and they've been working fine for the sites that I host under Apache.
I need to create a very lightweight https server in Java, and it appears to be failing during the SSL negotiation. I cloned this system (hoyo.zeetix.com) from its counterpart (byron.zeetix.com). Each is a robust AWS EC2 instance running Linux.
I'm pretty sure that at least part of the problem is revealed in the curl output below. Based on my ssl.conf, it appears that the negotiation is looking in /etc/pki/tls/certs, for something called ca-bundle.crt.
I have not knowingly changed anything in /etc/pki/tls after cloning this instance from byron.zeetix.com. I used certbot to delete the certs for byron.zeetix.com and created new certs for hoyo.zeetix.com. Those all live in the regular place (/etc/letsencrypt/).
I've noticed that two files are (still) identical between hoyo and byron:
/etc/pki/tls/certs/localhost.crt
/etc/pki/tls/private/localhost.key
Do I need to do something in /etc/pki/tls so that I can connect to the new https server I'm trying to spin up?
I invite the guidance of this community.
My domain is: hoyo.zeetix.com
I ran this command: curl -vvv https://tms.hoyo.zeetix.com:7899/test
It produced this output:
[tms@hoyo ~]$ curl -vvv https://tms.hoyo.zeetix.com:7899/test
* Trying 172.30.2.59...
* TCP_NODELAY set
* Connected to tms.hoyo.zeetix.com (172.30.2.59) port 7899 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tms.hoyo.zeetix.com:7899
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to tms.hoyo.zeetix.com:7899
My web server is (include version): NA
The operating system my web server runs on is (include version): Rocky Linux (CentOS 8)
My hosting provider, if applicable, is: NA
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0