I have a server with 2 Magento sites running simultaneously. Site 1 works fine under SSL, while site 2 returns an error whenever I visit it.
I tried to test the website using cURL:
curl -v https://example2-domain.com/
The cURL throws this error:
* Trying 97.74.223.135...
* TCP_NODELAY set
* Connected to example2-domain.com (97.74.233.135) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Here’s the Apache VirtualHost blocks for reference:
<VirtualHost 97.74.233.135:8080>
ServerName www.example-domain.com
ServerAlias example-domain.com
DocumentRoot /home/example/public_html
DirectoryIndex index.php
ServerAdmin [email protected]
UseCanonicalName Off
ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
<Directory /home/example/public_html>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 97.74.233.135:8080>
ServerName example-domain2.com
DocumentRoot /home/example2/public_html
DirectoryIndex index.php
ServerAdmin [email protected]
UseCanonicalName Off
ScriptAlias /cgi-bin/ /home/example2/public_html/cgi-bin/
<Directory /home/example2/public_html>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 97.74.233.135:443>
ServerAdmin [email protected]
ServerName www.example-domain.com
LogLevel warn
ErrorLog /var/log/apache2/example-domain.com-ssl-error.log
CustomLog /var/log/apache2/example-domain.com-ssl-access.log combined
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:6081/
ProxyPassReverse / http://127.0.0.1:6081/
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /ssl/example-domain.crt
SSLCertificateKeyFile /ssl/example-domain-key.txt
SSLCertificateChainFile /ssl/example-domain.ca-bundle
</VirtualHost>
<VirtualHost 97.74.233.135:443>
ServerAdmin [email protected]
ServerName example-domain2.com
LogLevel warn
ErrorLog /var/log/apache2/example-domain2.com-ssl-error.log
CustomLog /var/log/apache2/example-domain2.com-ssl-access.log combined
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:6081/
ProxyPassReverse / http://127.0.0.1:6081/
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /ssl/example-domain2.com.crt
SSLCertificateKeyFile /ssl/example-domain2-key.txt
SSLCertificateChainFile /ssl/example-domain2.ca-bundle
</VirtualHost>
In case you’re wondering what sits on port 6081, Varnish is configured to sit on that port.
Can someone please care to enlighten me as to why this happens? Thanks!
3
Answers
Turns out, the domain was pointing to the wrong server in the first place! That's why the errors are showing. The configurations were all correct after pointing the domain's A record to the correct server.
I had this same issue when working on an Apache2 web server on Ubuntu 20.04 when working to set up SSL for a website.
Each time I run a curl request:
OR
I get the error:
I checked my configuration file for the website (
my-website.conf
) and it seemed fine.Here’s how I fixed it:
I figured that I did not have the configuration file for the website (
my-website.conf
) in the/etc/apache2/sites-enabled
directory. So the configuration was not enabled.All I had to do was to symlink the
my-website.conf
to the/etc/apache2/sites-enabled
directory this:Next, I listed the contents of the
/etc/apache2/sites-enabled
directory to be sure that the configuration file for the website (my-website.conf
) was there:Finally, I restarted the apache2 web server:
That’s all.
I hope this helps
In my case it was my NAT configuration pointing to the wrong internal port. UI allow writing source/dist ports with coma separator but it was not associative (source=
80,443
and dest=80,443
redirect all packets to80
).In this scenario, Apache configuration was valid and access logs keep trace of the request but with no more information about the ports configuration issue. The response was a code 400 for Bad request :
BONUS : For an easier debugging process of TLS, I used
openssl s_client
instead ofcurl
for checking SSL configuration