Question

ERR_SSL_PROTOCOL_ERROR when accessing website using HTTPS

I’m using Cloudflare DNS w/ Full SSL. The SSL certificates was installed using certbot as showed in this guide:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

But when trying to access my website under https using Chrome:

This site can’t provide a secure connection

Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

I’ve checked the ufw port 443 are allowed. In <VirtualHost *:443> the path to SSLCertificateFile and SSLCertificateKeyFile point to correct key created by certbot.

Please advise what might be the problem in this case?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

This is how my virtualhost setup

<VirtualHost *:80>
    ServerAdmin info@domainA.com
    ServerName domainA.com
    ServerAlias www.domainA.com
    DocumentRoot /var/www/html/domainA.com
		
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	<Directory /var/www/html/domainA.com>
		Options Indexes FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
	
	<IfModule mod_dir.c>
		DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
	</IfModule>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin info@domainA.com
    ServerName domainA.com
    ServerAlias www.domainA.com
    DocumentRoot /var/www/html/domainA.com
		
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	<Directory /var/www/html/domainA.com>
		Options Indexes FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
	
	
	<IfModule mod_dir.c>
		DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
	</IfModule>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domainA.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domainA.com-0001/privkey.pem
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin info@domainA.com
    ServerName sub.domainA.com
    DocumentRoot /var/www/html/sub1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	<Directory /var/www/html/sub1>
		Options Indexes FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
	
	<IfModule mod_dir.c>
		DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
	</IfModule>
</VirtualHost>

<IfModule mod_ssl.c>
	<VirtualHost *:443>
		ServerAdmin info@domainA.com
		ServerName sub.domainA.com
		DocumentRoot /var/www/html/sub1

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined
		
		<Directory /var/www/html/sub1>
			Options Indexes FollowSymLinks
			AllowOverride All
			Require all granted
		</Directory>
		
		<IfModule mod_dir.c>
			DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
		</IfModule>
		
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/domainA.com-0001/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/domainA.com-0001/privkey.pem
	
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>
	</VirtualHost>
</IfModule>

This error likely points to a mis-configuration somewhere in your Apache setup. If you can share your apache configuration for the ssl and non-ssl versions of your site I’d be happy to take a closer look. My first guess would be that Apache is trying to send an http response on port 443 instead of the https one but without more information it is difficult to know for sure.

You may also find more information by using an SSL testing tool like this or a command line web client where you can enable verbose output during the connection request.