I received an e-mail recently from LetsEncrypt telling me my website certificate was about to expire - I configured the website to use HTTPS only. The certificates were auto-renewing without any problems until now. I upgraded the OpenSSL libraries on my Ubuntu 18.04 to use the latest TLS, version 1.3. It all seemed to work fine but accessing my website using a Firefox web browser running on Windows 7 displayed the following message:-
SSL_ERROR_RX_RECORD_TOO_LONG
and Apache's "access.log" file on the server has the following when the site is accessed:-
"\x16\x03\x01\x02" 400 499 "-" "-"
Which looks like a TLS handshake and the 400 could be a bad request.
Something, somewhere, isn't configured correctly. How do I find out what the problem is?
EDIT
After looking around for a solution, I found that if I type:-
dfsoftware.ddns.net
into my browser address bar I get an error (on Firefox, the SSL_ERROR...) but if I type:-
http://dfsoftware.ddns.net:443
the page loads correctly. So it seems Apache is having trouble with handling a secure connection on port 443 and only accepts vanilla requests on that port. The configuration files look OK (I can upload them if you need to see) so what's going on?
EDIT 2
Here are the Apache configuration files that I think are relevant; if others are needed, do ask.
apache2.conf:-
ServerName dfsoftware.ddns.net
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
ports.conf:-
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
sites-available/dfsoftare.ddns.net.conf:-
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName dfsoftware.ddns.net
ServerAlias www.dfsoftware.ddns.net
DocumentRoot /WebSites/Websites
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /WebSites/Websites/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =dfsoftware.ddns.net [OR]
RewriteCond %{SERVER_NAME} =www.dfsoftware.ddns.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
sites-available/dfsoftare.ddns.net-le-ssl.conf:-
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName dfsoftware.ddns.net
ServerAlias www.dfsoftware.ddns.net
DocumentRoot /WebSites/Websites
SSLEngine on
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /WebSites/Websites/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/dfsoftware.ddns.net-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dfsoftware.ddns.net-0001/privkey.pem
</VirtualHost>
</IfModule>
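
An added example, not part of the original post: the Python code below decodes the escaped request field from the access.log line quoted in the question and reports it as the start of a TLS handshake record that Apache read as a plain HTTP request line. All function names are hypothetical, and the sample log lines are constructed apart from that one request field.

```python
import re

# Apache writes non-printable request bytes to access.log as \xHH escapes.
_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
# First quoted field (the request line) followed by the status code.
_REQUEST = re.compile(r'"((?:[^"\\]|\\.)*)" (\d{3}) ')

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Record-layer version only; a ClientHello often carries 0x0301 here
# whatever TLS version the client actually offers.
TLS_RECORD_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                       (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def unescape_request(field):
    """Rebuild the raw bytes Apache received from the logged request field."""
    text = _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), field)
    return text.encode("latin-1", errors="replace")


def classify(line):
    """Describe a TLS record that was logged as an HTTP request, else None."""
    m = _REQUEST.search(line)
    if not m:
        return None
    raw = unescape_request(m.group(1))
    if len(raw) < 3 or raw[0] not in TLS_CONTENT_TYPES or raw[1] != 3:
        return None
    return {"content_type": TLS_CONTENT_TYPES[raw[0]],
            "record_version": TLS_RECORD_VERSIONS.get((raw[1], raw[2]), "unknown"),
            "status": int(m.group(2))}


def tls_on_plain_listener(lines):
    """Return (line_number, details) for every TLS record parsed as HTTP."""
    return [(n, d) for n, d in
            ((n, classify(l)) for n, l in enumerate(lines, start=1)) if d]


# Constructed sample: only the request field of the first line comes from the
# question; addresses, timestamps and the second line are made up.
SAMPLE_LOG = [
    r'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "\x16\x03\x01\x02" 400 499 "-" "-"',
    r'203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for number, details in tls_on_plain_listener(SAMPLE_LOG):
        print(number, details)
```

A hit with status 400 means the listener that accepted the connection treated the TLS bytes as HTTP, so TLS was not being terminated for that connection.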