POST forms return certificate error with Let's Encrypt

April 18, 2016 645 views
Let's Encrypt LAMP Stack PHP Security Ubuntu

I've recently set up an SSL certificate with Let's Encrypt on my Droplet. It's for three domains in total (two www domains and a subdomain for one of them, files). I'm using PHP7 and Apache 2.4.17 from a PPA, and I've also set up HTTP/2. The certificate was created on 19 March and it expires on the 17 June, though yesterday some problems popped up. Whenever I submit a form both Firefox and Chrome most of the time report an error with the certificate (Firefox is not at all specific, Chrome mentions an ERR_SPDY_PROTOCOL_ERROR). I first noticed it on the login form, and it only seems to happen when I enter at least a valid username. Just before I noticed the problem for the first time, I switched my users table to use UUIDs instead of auto incrementing IDs. Could that, or maybe setting cookies, be causing the problem? I doubt it because it worked before.

I'm really not sure what to do here, should I delete the certificates an generate new ones?

  • Did you attempt to validate the actual cause of the problem? Your post suggests that TLS is working just fine, as you are able to connect and attempt authentication with the site. Does that part of authentication not use TLS? What makes you think either TLS, your UUID changes, or cookies are part of the problem?

  • I tried everything I could think of. The entire site it set up to use TLS. Really, the only reason I'm blaming cookies and UUIDs are because I found out about the problem when testing those changes, though I'm not necessarily saying that they are causing it. I think TLS is the real problem mostly because the errors I get are all related to the certificate.

1 Answer

Are you using pagespeed? If so, you probably want to disable it for now. I believe there are some pagespeed bugs at the moment that can cause ERR_SPDY_PROTOCOL_ERROR in Chrome on POSTs.

  • No, no pagespeed. Just an SSL certificate.
    By the way, it's not just Chrome which is giving errors (Firefox is too), though only Chrome specifically mentions the error.

Have another answer? Share your knowledge.