Score:0

Let's Encrypt: SSL Certificate is valid for the Domain but not valid Specific Port (net::ERR_SSL_PROTOCOL_ERROR)

in flag

I am using VPS: Amazon EC2 and SSL Cert Provider: Let's Encrypt (through Certbot)

I have seen some kind of a question but the answer is not useful for my situation. I have a domain api.example.com that is configured and fully functioning on an Ubuntu server. I used Certbot to configure the domain with HTTPS, however, I also have APIs configured to be accessed on a specific port of that domain, say 8443.

When I access api.example.com, I see the lock on the browser that says the site is secure, but whenever I try to access my api api.example.com:8443/v1/someAPI, the API returns the appropriate result, but without the site is secure. Because the main site is secure, while the API access location isn't, I am unable to make API calls accordingly, resulting in net::ERR_SSL_PROTOCOL_ERROR.

my application.properties:

# Database
db.driver: com.mysql.cj.jdbc.Driver
db.url: jdbc:mysql://123.123.123.123:123/ex?serverTimeZone=UTC&useSSL=false
db.username: xx
#db.password: xxx
db.password: xxxxxx
 
# Hibernate
hibernate.dialect: org.hibernate.dialect.MySQL5Dialect
hibernate.show_sql: false
hibernate.hbm2ddl.auto: validate
hibernate.format_sql = false
entitymanager.packagesToScan: com.example

# GZIP Server compression
server.compression.enabled: true
server.compression.min-response-size: 2048
server.compression.mime-types: application/json,application/xml,text/html,text/xml,text/plain

# File Path
file.path: /home/ec2-user/
file.report.path: /home/ec2-user/
jpa.repositories.enabled=false

multipart.enabled=true
multipart.max-file-size=50MB
multipart.max-request-size=50MB

spring.servlet.multipart.max-file-size=50MB
spring.servlet.multipart.max-request-size=50MB

# server base path
base.path: https://api.example.com:8443

# Origins to allow requests from
origins: *

#Error Page Configuration
server.error.whitelabel.enabled=false
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration

reportUrl:https://example.com/report/
[email protected]
emails=sales@[email protected]

# SMTP Configuration
spring.mail.enabled=true
spring.mail.from=sales@[email protected]
##Amazon SES SMTP config
spring.mail.host=email-smtp 
spring.mail.username=fsdfskfjsldfjf
spring.mail.password=ffdfsfdsfdsfsdfdsf
spring.mail.port=123

eds.users: [email protected]
eds.host: smtp.gmail.com
eds.port: 123
eds.fromname==example

##SSL details
server.port:8443
security.require-ssl=true

server.ssl.key-store:classpath:abc.p12
server.ssl.key-store-password:abc
server.ssl.keyStoreType:PKCS12
server.ssl.keyAlias:abc

I have also added a rule for 8443 port [![enter image description here][1]][1]

I am getting an error on server log:

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v2.4.1)

2021-08-28 15:47:04.463  INFO 4513 --- [           main] c.a.MarketResearcher.ApplicationWar      : Starting ApplicationWar v0.0.1-SNAPSHOT using Java 1.8.0_302 on ip-172-31-17-203.ap-south-1.compute.internal with PID 4513 (/home/ec2-user/MarketResearcher-0.0.1-SNAPSHOT.jar started by root in /home/ec2-user)
2021-08-28 15:47:04.467  INFO 4513 --- [           main] c.a.MarketResearcher.ApplicationWar      : The following profiles are active: prod
2021-08-28 15:47:06.924  INFO 4513 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.ws.config.annotation.DelegatingWsConfiguration' of type [org.springframework.ws.config.annotation.DelegatingWsConfiguration$$EnhancerBySpringCGLIB$$b39d77f] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-08-28 15:47:07.008  INFO 4513 --- [           main] .w.s.a.s.AnnotationActionEndpointMapping : Supporting [WS-Addressing August 2004, WS-Addressing 1.0]
2021-08-28 15:47:07.705  INFO 4513 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8443 (https)
2021-08-28 15:47:07.729  INFO 4513 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2021-08-28 15:47:07.730  INFO 4513 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.41]
2021-08-28 15:47:07.852  INFO 4513 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2021-08-28 15:47:07.852  INFO 4513 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 3164 ms
2021-08-28 15:47:08.432  INFO 4513 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.4.25.Final
2021-08-28 15:47:08.894  INFO 4513 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
2021-08-28 15:47:09.462  INFO 4513 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.MySQL5Dialect
2021-08-28 15:47:09.613  INFO 4513 --- [           main] o.h.e.boot.internal.EnversServiceImpl    : Envers integration enabled? : true
2021-08-28 15:47:12.758  INFO 4513 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2021-08-28 15:47:13.322  INFO 4513 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2021-08-28 15:47:15.192  INFO 4513 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8443 (https) with context path ''
2021-08-28 15:47:15.223  INFO 4513 --- [           main] c.a.MarketResearcher.ApplicationWar      : Started ApplicationWar in 11.771 seconds (JVM running for 12.677)
2021-08-28 15:52:41.387  INFO 4513 --- [nio-8443-exec-6] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2021-08-28 15:52:41.388  INFO 4513 --- [nio-8443-exec-6] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2021-08-28 15:52:41.390  INFO 4513 --- [nio-8443-exec-6] o.s.web.servlet.DispatcherServlet        : Completed initialization in 2 ms
2021-08-28 16:06:33.275  WARN 4513 --- [nio-8443-exec-4] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:33.391  WARN 4513 --- [nio-8443-exec-4] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:33.683  WARN 4513 --- [nio-8443-exec-4] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:33.738  WARN 4513 --- [nio-8443-exec-1] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:33.739  WARN 4513 --- [nio-8443-exec-3] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:33.747  WARN 4513 --- [io-8443-exec-10] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:33.845  WARN 4513 --- [nio-8443-exec-5] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:33.866  WARN 4513 --- [nio-8443-exec-2] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-28 16:06:34.021  WARN 4513 --- [nio-8443-exec-7] org.hibernate.orm.deprecation            : HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead
2021-08-29 19:08:38.141  INFO 4513 --- [nio-8443-exec-5] o.apache.coyote.http11.Http11Processor   : Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.

java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol [RTSP/1.00x0d0x0a0x0d...]
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:559) ~[tomcat-embed-core-9.0.41.jar!/:9.0.41]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:261) ~[tomcat-embed-core-9.0.41.jar!/:9.0.41]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.41.jar!/:9.0.41]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888) [tomcat-embed-core-9.0.41.jar!/:9.0.41]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1597) [tomcat-embed-core-9.0.41.jar!/:9.0.41]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.41.jar!/:9.0.41]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_302]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_302]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.41.jar!/:9.0.41]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_302]
Steffen Ullrich avatar
se flag
A certificate is not specific to a port. The working server at the standard HTTPS port 443 and the non-working server on port 8443 are different servers with different configurations. The problem lies in the configuration of the server on port 8443. Unfortunately the configuration shown does not provide sufficient details about this server, specifically not about the certificates served. It is also not clear how the server is actually accessed - `api.example.com:8443/v1/someAPI` is an incomplete URL which is missing the protocol (`http://` vs. `https://`)
Ragesh Pikalmunde avatar
in flag
@SteffenUllrich `https://api.marketsresearcher.biz:8443/v1/read-news` this is my API which i use. if you try to access `https://api.marketsresearcher.biz` browser will show a valid certificate but when I try to access API then it gives me `net::ERR_SSL_PROTOCOL_ERROR`
Steffen Ullrich avatar
se flag
I get a "connection refused" when trying to access the API on port 8443. This means there are likely firewall rules which prevent access to this port from outside. Note that a common way to expose APIs is not to expose the API server itself on another port but instead reverse proxy the API path to the internal API server using the normal web server.
Ragesh Pikalmunde avatar
in flag
@SteffenUllrich I have added an image to the question, I have added a rule in the AWS security group for port 8443. do I need to do something more?
Ragesh Pikalmunde avatar
in flag
@SteffenUllrich I got the log from the server and it is throwing an error: `java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol [RTSP/1.00x0d0x0a0x0d...]` any Idea how to fix this on server?
Steffen Ullrich avatar
se flag
Both of your last comments look like completely different problems than what you originally asked. Please don't make your question a moving target but create new questions with sufficient detail for new problems.
Ragesh Pikalmunde avatar
in flag
@SteffenUllrich I have updated the question
Steffen Ullrich avatar
se flag
Based on the output no HTTP request is made to the API but an RTSP request, i.e. something used in real time streaming. No idea what you are doing on the client side to cause this.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.