Topic: Apache responding with wrong protocol with Let's Encrypt

SlashMe
Joined: 01 Feb 2018 Posts: 3 Location: Germany
Posted: Thu 01 Feb '18 12:02 Post subject: Apache responding with wrong protocol with Let's Encrypt

I'm trying to set up Apache 2.4.25 with a Let's Encrypt certificate on Raspbian Stretch. However, I can't get SSL working. Apache keeps responding with a 400 using HTTP instead of doing the SSL handshake, which means the browser's aborting with SSL_ERROR_RX_RECORD_TOO_LONG. What's most confusing is that the log produces lines like:

Code:
hostname:80 148.72.168.62 - - [31/Jan/2018:18:23:13 +0100] "\x16\x03\x01" 400 0 "-" "-"

i.e. it says the request was coming in through port 80, even though it didn't. I changed my configuration to include 'Listen 443 https' and disabled the default listener on port 80. I made sure no process is listening on 80 and Apache is indeed bound to 443, but it still logs port 80 and responds with 400 with HTTP, no SSL. I tried other ports as well. I verified the requests were coming in through the right port using "sudo nc -l <port>" while Apache was stopped.
SSLEngine is on, mod_ssl is loaded, and the paths for the certificate have been set up by certbot.
Any help would be appreciated.

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7288 Location: Germany, Next to Hamburg
Posted: Thu 08 Feb '18 16:30 Post subject:

Have you set up vhosts / virtual hosts? If not, you can run Apache only on port 80 or 433. If you want both, you have to create two vhosts, one for port 80 and one for 433. Note that the default host is disabled as soon as you set up a vhost. That is why you need to create 2 vhosts.
If you still have a question, please ask again.

SlashMe
Joined: 01 Feb 2018 Posts: 3 Location: Germany
Posted: Thu 08 Feb '18 19:06 Post subject:

Yes, I've enabled both default vhosts for 80 and 443. When that didn't work, I explicitly disabled the vhost for 80 and removed the "Listen 80" line in order to isolate https. Didn't change anything, no SSL response, log says :80.

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7288 Location: Germany, Next to Hamburg
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Fri 09 Feb '18 20:35 Post subject:

Isn't that 443, not 433?

pschmehl
Joined: 13 Oct 2017 Posts: 16 Location: United States, Richardson, TX
SlashMe
Joined: 01 Feb 2018 Posts: 3 Location: Germany
Posted: Tue 13 Feb '18 11:05 Post subject:

@pschmehl:
The second link you posted says to enable SSLEngine, which I already made sure is enabled. The other link suggests entering the IP in the <VirtualHost> container, which I can't because I'm using dynamic DNS. However, I was able to solve my problem: My <VirtualHost> was using _default_:443. Using *:443 instead, it works flawlessly. I could've sworn I had tried that already.
However, I still consider it highly confusing that Apache logs requests as coming from port 80 when they clearly don't.
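
Added example, not part of the thread and not code from Apache or Apache Lounge: a Python check that scans access-log lines for the symptom quoted in the first post, a TLS handshake record (`\x16\x03\x01`) answered with a 400 by a virtual host that is not doing SSL. The log layout, the name `find_tls_on_plain_http` and the sample lines other than the first are assumptions; the first sample line is the one from the thread.

```python
import re

# Assumed layout, matching the line quoted in the thread:
#   %v:%p %h %l %u %t "%r" %>s %O "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)
# Apache writes non-printable request bytes as \xhh. A TLS record starts with
# content type 0x16 (handshake) followed by a 0x03 0xNN record-layer version.
TLS_RE = re.compile(r'^\\x16\\x03(?:\\x(?P<minor>0[0-3]))?')
RECORD_VERSIONS = {"00": "SSL 3.0", "01": "TLS 1.0",
                   "02": "TLS 1.1", "03": "TLS 1.2"}
# First line is from the thread; the other two are constructed for the example.
SAMPLE = [
    r'hostname:80 148.72.168.62 - - [31/Jan/2018:18:23:13 +0100] "\x16\x03\x01" 400 0 "-" "-"',
    r'hostname:80 192.0.2.10 - - [31/Jan/2018:18:24:02 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.52.1"',
    r'hostname:80 192.0.2.11 - - [31/Jan/2018:18:25:40 +0100] "\x03\x00\x00/" 400 0 "-" "-"',
]

def find_tls_on_plain_http(lines):
    """Return one finding per line where a TLS handshake got a plain-HTTP 400."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed layout
        tls = TLS_RE.match(m["request"])
        if not tls or m["status"] != "400":
            continue  # ordinary request, or binary data that is not TLS
        findings.append({
            "vhost": m["vhost"],
            # %p is the canonical port of the server that handled the request,
            # not necessarily the port the client connected to.
            "logged_port": int(m["port"]),
            "client": m["client"],
            "time": m["time"],
            "record_version": RECORD_VERSIONS.get(tls["minor"], "unknown"),
        })
    return findings

if __name__ == "__main__":
    for finding in find_tls_on_plain_http(SAMPLE):
        print(finding)
```

Adding `%{local}p` to the `LogFormat` records the port the connection actually arrived on, next to the canonical port that `%p` reports.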