error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Posted June 30, 2020 44.3k views

I cant access my REST API with HTTPS (HTTP works well).

root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/html/app# curl -v -k
*   Trying
* Connected to ( port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

my config

index   index.html index.htm;

server {
    listen 80;

        location / {
            proxy_pass          ;

            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;
            proxy_ssl_server_name on;
            proxy_ssl_verify        on;
            proxy_ssl_verify_depth  2;
            proxy_ssl_session_reuse on;

    return 301 https://$server_name$request_uri;

server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;

        root /var/www/html/app/dist;


        ssl_dhparam /etc/nginx/dhparam.pem
        ssl_certificate "/etc/letsencrypt/live/";
        ssl_certificate_key "/etc/letsencrypt/live/";
        ssl_verify_client      optional;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        location / {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_ssl_server_name on;

do you have any ideas?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

I found the problem - i haven’t prepared my nodejs app to listen on https port :-)