Without any reason, my Apache2 web server on Ubuntu stopped working. For every HTTPS site I want to open, I get "SSL_ERROR_RX_RECORD_TOO_LONG". When I run 'openssl s_client -connect www.kosa-strick.com:443 -state -debug' on my server, I get:

```
SSL_connect:error in SSLv2/v3 read server hello A
140122828576408:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
```

VHOST-Config is:
```
<VirtualHost *:80>
    ServerName www.kosa-strick.com
    ServerAdmin [email protected]
    Redirect / https://www.kosa-strick.com/
    ErrorLog ${APACHE_LOG_DIR}/kosa_error.log
    CustomLog ${APACHE_LOG_DIR}/kosa_access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerName www.kosa-strick.com
    ServerAdmin [email protected]
    <Directory /var/www/kosa/kosa-strick-website/public_html>
        AllowOverride All
    </Directory>
    DocumentRoot /var/www/kosa/kosa-strick-website/public_html
    ErrorLog ${APACHE_LOG_DIR}/kosa_error.log
    CustomLog ${APACHE_LOG_DIR}/kosa_access.log combined
    SSLCertificateFile /etc/letsencrypt/live/www.kosa-strick.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.kosa-strick.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
```

SSL Config File is:
```
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log

# Always ensure Cookies have "Secure" set (JAH 2012/1)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
```

I made no config change or update or whatever. It simply stopped working. Rebooting the server didn't help.
Logfile says:
```
[Thu May 16 12:44:42.444514 2019] [ssl:warn] [pid 10992] AH01916: Init: (yewsvr1.yewstone.io:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Thu May 16 12:44:42.494285 2019] [ssl:warn] [pid 10993] AH01916: Init: (yewsvr1.yewstone.io:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Thu May 16 12:44:42.495892 2019] [mpm_prefork:notice] [pid 10993] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu May 16 12:44:42.495922 2019] [core:notice] [pid 10993] AH00094: Command line: '/usr/sbin/apache2'
```

But this is bullshit. The port configuration worked for years and was never changed, and the ports.conf is correct:
```
Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
```
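
An added example, not part of the original post: the AH01916 warning and both client errors are consistent with port 443 answering in plain HTTP. This Python code reads a server's first five reply bytes as a TLS record header, so the ASCII text `HTTP/` turns into a record with an oversized claimed length; the sample bytes are constructed and the function names are hypothetical.

```python
import struct

# TLSCiphertext length limit from RFC 5246 section 6.2.3: 2^14 + 2048 bytes.
MAX_TLS_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
PLAINTEXT_PREFIXES = (b"HTTP/", b"<!DOC", b"<html", b"<HTML")


def parse_record_header(data: bytes):
    """Read the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return content_type, (major, minor), length


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'plaintext-http' or 'unknown' for a server's first reply bytes."""
    content_type, version, length = parse_record_header(data)
    if (content_type in TLS_CONTENT_TYPES and version[0] == 3
            and length <= MAX_TLS_RECORD_LEN):
        return "tls"
    if data.startswith(PLAINTEXT_PREFIXES):
        return "plaintext-http"
    return "unknown"


def explain(data: bytes) -> str:
    """One-line summary of how a TLS client would read these bytes."""
    content_type, version, length = parse_record_header(data)
    verdict = classify_first_bytes(data)
    return (f"{verdict}: type=0x{content_type:02x} "
            f"version={version[0]}.{version[1]} "
            f"claimed_length={length} (limit {MAX_TLS_RECORD_LEN})")


# Constructed samples, not captured from the server in the post.
SAMPLE_PLAINTEXT = b"HTTP/1.1 400 Bad Request\r\n"
# Handshake record header (TLS 1.2, 74-byte body) followed by filler bytes.
SAMPLE_TLS = bytes.fromhex("160303004a") + b"\x02" + b"\x00" * 73

if __name__ == "__main__":
    for name, sample in (("plaintext", SAMPLE_PLAINTEXT), ("tls", SAMPLE_TLS)):
        print(name, "->", explain(sample))
```
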