ERR_SSL_PROTOCOL_ERROR when accessing website using HTTPS

April 3, 2018 684 views
LAMP Stack Let's Encrypt Ubuntu 16.04

I'm using Cloudflare DNS w/ Full SSL. The SSL certificates was installed using certbot as showed in this guide:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

But when trying to access my website under https using Chrome:

This site can’t provide a secure connection

Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

I've checked the ufw port 443 are allowed.
In <VirtualHost *:443> the path to SSLCertificateFile and SSLCertificateKeyFile point to correct key created by certbot.

Please advise what might be the problem in this case?

2 Answers

This error likely points to a mis-configuration somewhere in your Apache setup. If you can share your apache configuration for the ssl and non-ssl versions of your site I'd be happy to take a closer look. My first guess would be that Apache is trying to send an http response on port 443 instead of the https one but without more information it is difficult to know for sure.

You may also find more information by using an SSL testing tool like this or a command line web client where you can enable verbose output during the connection request.

This is how my virtualhost setup

<VirtualHost *:80>
    ServerAdmin info@domainA.com
    ServerName domainA.com
    ServerAlias www.domainA.com
    DocumentRoot /var/www/html/domainA.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/html/domainA.com>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    <IfModule mod_dir.c>
        DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
    </IfModule>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin info@domainA.com
    ServerName domainA.com
    ServerAlias www.domainA.com
    DocumentRoot /var/www/html/domainA.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/html/domainA.com>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>


    <IfModule mod_dir.c>
        DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
    </IfModule>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domainA.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domainA.com-0001/privkey.pem
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin info@domainA.com
    ServerName sub.domainA.com
    DocumentRoot /var/www/html/sub1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/html/sub1>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    <IfModule mod_dir.c>
        DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
    </IfModule>
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin info@domainA.com
        ServerName sub.domainA.com
        DocumentRoot /var/www/html/sub1

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory /var/www/html/sub1>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        <IfModule mod_dir.c>
            DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
        </IfModule>

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domainA.com-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domainA.com-0001/privkey.pem

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>

Have another answer? Share your knowledge.