Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: SSL-PROTOCOL-ERR in 2.4.66 all browsers except Firefox |
|
| Author |
|
jeremydunn
Joined: 15 Dec 2025
Posts: 1
Location: USA, Becket
|
 Posted: Mon 15 Dec '25 19:12 Post subject: SSL-PROTOCOL-ERR in 2.4.66 all browsers except Firefox |
 |
|
Windows Server 2019
was running httpd 2.4.65 x64
upgraded to 2.4.66 x64
wildcard SSL certificate *.dhammareg.dhamma.org purchased through CheapSSLSecurity, issued by Sectigo
Apache config fragment:
| Quote: |
SSLCertificateFile "c:\Program Files\Apache\conf\dhammareg.ssl\STAR_dhammareg_dhamma_org-exp10Sept2030.crt"
SSLCertificateKeyFile "c:\Program Files\Apache\conf\dhammareg.ssl\STAR_dhammareg_dhamma_org-exp10Sept2030.key"
#SSLCertificateChainFile "c:\Program Files\Apache\conf\dhammareg.ssl\SectigoCABundle.crt"
SSLCertificateChainFile "c:\Program Files\Apache\conf\dhammareg.ssl\SectigoCABundle-New.crt"
|
CertificateChainFile is issued by Sectigo.
Original Certificate chain file was included in the download package for our SSL cert
PROBLEM:
* under 2.4.65, original CertificateChainFile works fine in all browsers (Firefox, Chrome, Edge, Safari, Opera)
* under 2.4.66, with no configuration changes, get SSL-PROTOCOL-ERR in (Chrome, Edge, Opera); but Firefox works ok
* downloading the latest CertificateChainFile from Sectigo website, 2.4.66 works fine again in all browsers.
The problem is fixed; but I don't understand what happened. Can anyone explain?
p.s. installed the latest CertificateChainFile on dev server (2.4.66). it's working fine in all browsers *but* gives error using SSLChecker: https://www.sslshopper.com/ssl-checker.html#hostname=https://train.dhammareg.dhamma.org:8443/
shows missing Root certificate. various other SSL-checking tools also show incomplete certificate chain.
one of the production sites (2.4.65, with original certificate chain) validates: https://www.sslshopper.com/ssl-checker.html#hostname=uscan.dhammareg.dhamma.org:8443
still confused  |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 713
|
| Posted: Mon 15 Dec '25 20:09 Post subject: |
|
|
| Good news that the sites are now working. |
|
| Back to top |
|
|
|
|
|
|
