SSL_ERROR_RX_RECORD_TOO_LONG certbot

by Michael   Last Updated January 13, 2018 15:00 PM

I have the following setup:

  • Apache 2.4
  • Ubuntu 16.04 LTS
  • letsencrypt / certbot

Now, as soon as I enable the following .conf on the default server, all my configured top level domains receive a SSL_ERROR_RX_RECORD_TOO_LONG error. If I disable this config, everything works as expected.

Because of this fact, I am sure, apache listens to the correct ports, to the correct IPs, and letsencrypt/certbot is correctly setup.

<VirtualHost _default_:443>
    DocumentRoot "/var/www/html"
    <Directory "/var/www/html">
            Require all denied
    </Directory>
</VirtualHost>

Changing this to

<VirtualHost _default_:443>
    DocumentRoot "/var/www/html"
    <Directory "/var/www/html">
            Require all granted
    </Directory>
</VirtualHost>

has not solved the problem.

apache2ctl -S 

shows the expected results, 001-default-ssl.conf and 001-default.conf are the defaults for port 80 and port 443.

openssl s_client -connect workingdomain.tld:443

prints:

CONNECTED(00000003)
139991513372312:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515852550
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Again, as soon as I disable this config, every domain configured with certbot/letsencrypt works as expected.

I don't get this, since I am basically blocking only the default server, all my other domains should be unaffected by this setting.



Related Questions


Let's Encrypt SSL install error on apache

Updated October 29, 2017 20:00 PM

Apache vhosts not working on Ubuntu 14.04 LTS

Updated March 30, 2015 20:00 PM

Apache2 Virtual Host 1 file for any URL

Updated October 23, 2015 08:00 AM

VirtualHost Apache does not serve subdomain

Updated November 15, 2015 06:00 AM

Virtual Hosts Setup on Ubuntu 15

Updated November 30, 2015 03:00 AM