After going through the process of renewing an expiring SSL certificate, I'm now getting "ERR_SSL_PROTOCOL_ERROR" errors when viewing in Chrome. After hours of struggling, I've found a backup and replaced all of my cert files and conf files back to the way they were and am still getting the error. (My old certificate should still be valid for a few more days)
My error logs show a ton of entries including Invalid method in request \x16\x03\x01. Google searching on that brought me to posts describing how to check if the output on 443 is HTML. I did a telnet session and can confirm that plaintext HTML is being sent back through port 443.
Running a2enmod ssl gives me "Module ssl already enabled". That's all the posts I've found searching for that log result mention to check for.
Any other things to try to make sure SSL is running as it should?
UPDATE
Running netstat -lnt I get…
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
It's very hard for me to tell what's happening on port 80 with my site. My domain is on the HSTS Preload List so it's kinda impossible for me to even try port 80.
MORE IMPORTANT UPDATE
The five million and eighth random thing I ended up trying ended up working, but I have no idea why.
All I did was change <VirtualHost [my ip address]:443> to <VirtualHost *:443>
Can anyone explain why this has fixed things? The version with my ip address was exactly what it was like before I started making changes last night. I restored the file from backup. I read in a few places that NameVirtualHost and VirtualHost can be useful. But I never added or removed anything that included those commands.
Best Answer
It looks like you do not have an SSL enabled server listening on port 443. To get valid html back from your site via port 443 you have to set up an SSL connection and telnet doesn't do that. To check an SSL connection use
Note that some correctly configured servers may send back HTML to a non-https connection on port 443 advising just that, but you would I'm sure have noticed that e.g.
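The log signature from the question, decoded (an added example, not part of the original question or answer): the bytes \x16\x03\x01 are the start of a TLS handshake record, so each such entry is a TLS client reaching a listener that is parsing the connection as plain HTTP. The log lines are constructed samples in Apache 2.2 error-log style, and the function names are illustrative.

```python
import re
from collections import Counter

# TLS record header: 1 byte content type, then 2 bytes record version (major 3).
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

LINE_RE = re.compile(r"\[client (?P<client>[^\]]+)\].*?Invalid method in request (?P<raw>.*)$")
ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Constructed sample lines (documentation IP ranges), not taken from the page.
SAMPLE_LOG = [
    r"[Tue Mar 04 09:12:01 2014] [error] [client 203.0.113.7] Invalid method in request \x16\x03\x01",
    r"[Tue Mar 04 09:12:02 2014] [error] [client 203.0.113.7] Invalid method in request \x16\x03\x01",
    r"[Tue Mar 04 09:12:05 2014] [error] [client 198.51.100.23] Invalid method in request \x16\x03\x03",
    r"[Tue Mar 04 09:13:40 2014] [error] [client 198.51.100.9] Invalid method in request FOO / HTTP/1.1",
    r"[Tue Mar 04 09:14:00 2014] [error] [client 203.0.113.7] File does not exist: /var/www/favicon.ico",
]

def unescape(raw):
    """Turn the logged text (hex escapes mixed with literal characters) back into bytes."""
    text = ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return text.encode("latin-1", errors="replace")

def describe_tls_prefix(data):
    """Return (content_type, record_version) if data starts like a TLS record, else None."""
    if len(data) < 3 or data[0] not in CONTENT_TYPES or data[1] != 3:
        return None
    return CONTENT_TYPES[data[0]], VERSIONS.get(data[2], "unknown 3.%d" % data[2])

def tls_on_plain_listener(log_lines):
    """Count per client the entries where a TLS record was read as an HTTP request line."""
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if m and describe_tls_prefix(unescape(m.group("raw").strip())):
            hits[m.group("client")] += 1
    return hits

if __name__ == "__main__":
    for client, count in tls_on_plain_listener(SAMPLE_LOG).most_common():
        print("%s sent %d TLS records to a plain-HTTP listener" % (client, count))
```

A non-zero count for port 443 traffic means the virtual host that answered those connections did not have SSL active, which matches the plaintext HTML seen over telnet.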