Without any reason my Apache2 webserver on Ubuntu stopped working. For every HTTPS site I want to open, I get "SSL_ERROR_RX_RECORD_TOO_LONG". When I run 'openssl s_client -connect www.kosa-strick.com:443 -state -debug' on my server, I get:
SSL_connect:error in SSLv2/v3 read server hello A
140122828576408:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
VHOST-Config is:
<VirtualHost *:80>
ServerName www.kosa-strick.com
ServerAdmin [email protected]
Redirect / https://www.kosa-strick.com/
ErrorLog ${APACHE_LOG_DIR}/kosa_error.log
CustomLog ${APACHE_LOG_DIR}/kosa_access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.kosa-strick.com
ServerAdmin [email protected]
<Directory /var/www/kosa/kosa-strick-website/public_html>
AllowOverride All
</Directory>
DocumentRoot /var/www/kosa/kosa-strick-website/public_html
ErrorLog ${APACHE_LOG_DIR}/kosa_error.log
CustomLog ${APACHE_LOG_DIR}/kosa_access.log combined
SSLCertificateFile /etc/letsencrypt/live/www.kosa-strick.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.kosa-strick.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
SSL Config File is:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log
# Always ensure Cookies have "Secure" set (JAH 2012/1)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
I did no config change or update or whatever. It simply stopped working. Rebooting the server didn't help.
Logfile says:
[Thu May 16 12:44:42.444514 2019] [ssl:warn] [pid 10992] AH01916: Init: (yewsvr1.yewstone.io:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Thu May 16 12:44:42.494285 2019] [ssl:warn] [pid 10993] AH01916: Init: (yewsvr1.yewstone.io:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Thu May 16 12:44:42.495892 2019] [mpm_prefork:notice] [pid 10993] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Thu May 16 12:44:42.495922 2019] [core:notice] [pid 10993] AH00094: Command line: '/usr/sbin/apache2'
But this is bullshit. The port configuration worked for years and was never changed and the ports.conf is correct:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
If Apache says this then this is how it sees your configuration and it is likely not bullshit. My guess is that the error is in a part of the configuration you don't show, i.e. in the configuration of yewsvr1.yewstone.io. It is sufficient if one of the vhosts on the same IP and port is improperly configured to cause the problems you see.
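One way to run the check the answer points to, as an added example that is not part of the original thread: scan every enabled vhost and list those bound to port 443 whose effective configuration never turns `SSLEngine on`. The file names, the `yewsvr1.yewstone.io` vhost body and the function names are constructed for illustration, since the real configuration of that host is not shown on the page.

```python
import re

# Constructed sample configs (not from the original post). The second vhost
# stands in for the unseen yewsvr1.yewstone.io configuration and is hypothetical.
SAMPLE_FILES = {
    "sites-enabled/kosa.conf": """<VirtualHost *:443>
ServerName www.kosa-strick.com
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>""",
    "sites-enabled/yewsvr1.conf": """<VirtualHost *:443>
ServerName yewsvr1.yewstone.io
DocumentRoot /var/www/html
</VirtualHost>""",
    "/etc/letsencrypt/options-ssl-apache.conf": "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body, files, seen=()):
    """Yield (name, args) pairs, following Include/IncludeOptional into `files`."""
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if name in ("include", "includeoptional"):
            # Only exact paths present in `files` are followed (no globbing).
            if args in files and args not in seen:
                yield from directives(files[args], files, seen + (args,))
        else:
            yield name, args

def plain_http_vhosts_on_443(files):
    """Return ServerNames of port-443 vhosts whose effective SSLEngine is not 'on'."""
    flagged = []
    for path, text in files.items():
        for addrs, body in VHOST_RE.findall(text):
            if not any(a.rsplit(":", 1)[-1] == "443" for a in addrs.split()):
                continue
            conf = dict(directives(body, files))  # later directives override earlier
            # Simplification: a server-wide SSLEngine outside the vhost is ignored.
            if conf.get("sslengine", "off").lower() != "on":
                flagged.append(conf.get("servername", f"(unnamed in {path})"))
    return flagged

if __name__ == "__main__":
    print(plain_http_vhosts_on_443(SAMPLE_FILES))
```

On a real server, load the files under `/etc/apache2/sites-enabled/` plus any included files into the dictionary; `apache2ctl -S` shows which vhosts Apache has actually bound to each address and port.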