I have an Apache proxy that has several VHosts. Some of these are legacy configs that were before my time. Long story short, I removed some .crt files on the server that had expired, and forgot to remove the associated /etc/apache2/ssl/*.conf files, so when Apache would try to rotate its logs, it would fail.

After repairing that mess, I began receiving 502 Proxy Error when navigating to only one of the VHosts. All the others worked.
This is what was causing everything to break. In one of the /etc/apache2/sites-enabled/*.conf files, there was this line:

```apache
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
#SSLProxyProtocol +TLSv1 <---- THIS BROKE IT
```
All the other VHosts are using TLSv1.2. My question is, why would this make only ONE VHost break and not all of them, especially when it wasn't even the config that had the old TLS in the file?
Update: I set Apache's log level to debug, and it shows the error, but doesn't tell me which config file was the culprit. Luckily, I know which one:

```
[Mon Aug 30 08:26:35.098657 2021] [ssl:info] [pid 10843] SSL Library Error: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version (SSL alert number 70)
[Mon Aug 30 08:26:35.098679 2021] [ssl:info] [pid 10843] [remote 192.168.66.120:8004] AH01998: Connection closed to child 0 with abortive shutdown (server www.example.com:443)
[Mon Aug 30 08:26:35.098715 2021] [ssl:info] [pid 10843] [remote 192.168.66.120:8004] AH01997: SSL handshake failed: sending 502
```
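Added example (not from the original question): a small Python audit that reads Apache config text and reports each SSLProtocol/SSLProxyProtocol directive, with file, line and vhost, that still enables SSLv3, TLSv1 or TLSv1.1, which is the file-level detail the debug log above does not give (alert 70 is the backend refusing the offered protocol version). The sample config, the app1/app2 host names and the file name are constructed, and the expansion of `all` is an assumption noted in the code.

```python
# "all" is assumed to expand to every TLS version (older httpd builds also put SSLv3 in it).
ALL_TLS = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

def protocol_set(args):
    # mod_ssl semantics: '+name' adds, '-name' removes, a bare name replaces the set.
    enabled = set()
    for tok in args:
        action, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        protos = set(ALL_TLS) if name.lower() == "all" else {name}
        if action == "-":
            enabled -= protos
        else:
            enabled = (enabled if action == "+" else set()) | protos
    return enabled

def audit(conf_text, filename):
    # Returns (file, line, vhost, directive, legacy protocols left enabled) per offending line.
    findings, vhost = [], "(global)"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out directives are inert
            continue
        parts = line.split()
        key = parts[0].lower()
        if key.startswith("<virtualhost") and len(parts) > 1:
            vhost = parts[1].rstrip(">")
        elif key == "</virtualhost>":
            vhost = "(global)"
        elif key == "servername" and len(parts) > 1:
            vhost = parts[1]
        elif key in ("sslprotocol", "sslproxyprotocol"):
            weak = protocol_set(parts[1:]) & LEGACY
            if weak:
                findings.append((filename, lineno, vhost, parts[0], sorted(weak)))
    return findings

# Constructed sample (not from the post): two vhosts, one still pinned to TLSv1.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName app1.example.com
    #SSLProxyProtocol +TLSv1
    SSLProxyProtocol +TLSv1.2
</VirtualHost>
<VirtualHost *:443>
    ServerName app2.example.com
    SSLProxyProtocol +TLSv1
</VirtualHost>
"""
print(*audit(SAMPLE_CONF, "sites-enabled/legacy.conf"), sep="\n")
```

Run it over the real files with something like `audit(open(path).read(), path)` for each entry in /etc/apache2/sites-enabled; only active (uncommented) directives are reported.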