SSL – ERR_SSL_PROTOCOL_ERROR After Installing SSL Certificate

ssl

After going through the process of renewing an expiring SSL certificate, I'm now getting "ERR_SSL_PROTOCOL_ERROR" errors when viewing in Chrome. After hours of struggling, I've found a backup and replaced all of my cert files and conf files back to the way they were and am still getting the error. (My old certificate should still be valid for a few more days)

My error logs show a ton of entries including Invalid method in request \x16\x03\x01. Google searching on that brought me to posts describing how to check if the output on 443 is HTML. I did a telnet session and can confirm that plaintext html is being sent back through port 443.

Running a2enmod ssl gives me "Module ssl already enabled". That's all the posts I've found searching for that log result mention to check for.

Any other things to try to make sure SSL is running as it should?

UPDATE

Running netstat -lnt I get…

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN  

It's very hard for me to tell what's happening on port 80 with my site. My domain is on the HSTS Preload List so it's kinda impossible for me to even try port 80.

MORE IMPORTANT UPDATE

The five million and eighth random thing I ended up trying ended up working, but I have no idea why.

All I did was change <VirtualHost [my ip address]:443> to <VirtualHost *:443>

Can anyone explain why this has fixed things? The version with my ip address was exactly what it was like before I started making changes last night. I restored the file from backup. I read in a few places that NameVirtualHost and VirtualHost can be useful. But I never added or removed anything that included those commands.

Best Answer

"I did a telnet session and can confirm that plaintext html is being sent back through port 443."

It looks like you do not have an SSL enabled server listening on port 443. To get valid html back from your site via port 443 you have to set up an SSL connection and telnet doesn't do that. To check an SSL connection use

openssl s_client -connect example.com:443

Note that some correctly configured servers may send back html to a non https connection on port 443 advising just that, but you would, I'm sure, have noticed that, e.g.

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>
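The two checks discussed in this thread, as an added example that is not part of the original question or answer: it decodes the bytes from an "Invalid method in request" log line (`\x16\x03\x01` is the start of a TLS handshake record, so a TLS client reached a listener that was parsing plain HTTP) and classifies what a port sends back to a plain HTTP request. The function names, labels and the sample log line are assumptions made for illustration.

```python
import re
import socket

# First byte of a TLS record: change_cipher_spec, alert, handshake, application data
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}
# nginx wording quoted in the answer above
NGINX_HINT = b"plain HTTP request was sent to HTTPS port"


def classify(data: bytes) -> str:
    """Label the first bytes seen on a connection."""
    if len(data) >= 3 and data[0] in TLS_RECORD_TYPES and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-record"
    if NGINX_HINT in data:
        return "http-error-from-tls-port"  # TLS is enabled; we spoke plain HTTP to it
    if data.startswith(b"HTTP/"):
        return "plaintext-http"  # the symptom in the question: no TLS on this port
    return "unknown"


def bytes_from_log(line: str) -> bytes:
    """Recover the raw request bytes escaped as \\xNN in an error-log line."""
    m = re.search(r"Invalid method in request (.*)$", line)
    if not m:
        return b""
    raw = m.group(1).encode("latin-1", "replace")
    return re.sub(rb"\\x([0-9a-fA-F]{2})", lambda h: bytes([int(h.group(1), 16)]), raw)


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a plain HTTP request (as telnet would) and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            reply = s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            reply = b""
    return classify(reply) if reply else "no-reply"


if __name__ == "__main__":
    # Constructed sample line in the shape of the log entry quoted in the question
    sample = r"[error] [client 203.0.113.5] Invalid method in request \x16\x03\x01"
    print(classify(bytes_from_log(sample)))
```

A `plaintext-http` result from `probe()` on port 443 means the listener that answered is not doing TLS at all, which is the condition `openssl s_client -connect example.com:443` reports as a handshake failure.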