skip to Main Content

I have a server with 2 Magento sites running simultaneously. Site 1 works fine under SSL, while site 2 returns an error whenever I visit it.

I tried to test the website using cURL:

curl -v https://example2-domain.com/

The cURL throws this error:

*   Trying 97.74.223.135...
* TCP_NODELAY set
* Connected to example2-domain.com (97.74.233.135) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Here’s the Apache VirtualHost blocks for reference:

<VirtualHost 97.74.233.135:8080>
    ServerName www.example-domain.com
    ServerAlias example-domain.com
    DocumentRoot /home/example/public_html
    DirectoryIndex index.php
    ServerAdmin [email protected]
    UseCanonicalName Off
    ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
    <Directory /home/example/public_html>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost 97.74.233.135:8080>
    ServerName example-domain2.com
    DocumentRoot /home/example2/public_html
    DirectoryIndex index.php
    ServerAdmin [email protected]
    UseCanonicalName Off
    ScriptAlias /cgi-bin/ /home/example2/public_html/cgi-bin/
    <Directory /home/example2/public_html>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost 97.74.233.135:443>
    ServerAdmin [email protected]
    ServerName www.example-domain.com
    LogLevel warn
    ErrorLog /var/log/apache2/example-domain.com-ssl-error.log
    CustomLog /var/log/apache2/example-domain.com-ssl-access.log combined
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:6081/
    ProxyPassReverse / http://127.0.0.1:6081/
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Proto "https"
    SSLEngine On
    SSLCertificateFile /ssl/example-domain.crt
    SSLCertificateKeyFile /ssl/example-domain-key.txt
    SSLCertificateChainFile /ssl/example-domain.ca-bundle
</VirtualHost>

<VirtualHost 97.74.233.135:443>
    ServerAdmin [email protected]
    ServerName example-domain2.com
    LogLevel warn
    ErrorLog /var/log/apache2/example-domain2.com-ssl-error.log
    CustomLog /var/log/apache2/example-domain2.com-ssl-access.log combined
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:6081/
    ProxyPassReverse / http://127.0.0.1:6081/
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Proto "https"
    SSLEngine On
    SSLCertificateFile /ssl/example-domain2.com.crt
    SSLCertificateKeyFile /ssl/example-domain2-key.txt
    SSLCertificateChainFile /ssl/example-domain2.ca-bundle
</VirtualHost>

In case you’re wondering what sits on port 6081, Varnish is configured to sit on that port.

Can someone please care to enlighten me as to why this happens? Thanks!

3

Answers


  1. Chosen as BEST ANSWER

    Turns out, the domain was pointing to the wrong server in the first place! That's why the errors are showing. The configurations were all correct after pointing the domain's A record to the correct server.


  2. I had this same issue when working on an Apache2 web server on Ubuntu 20.04 when working to set up SSL for a website.

    Each time I run a curl request:

    curl https://corebanking.test.vggdev.com
    

    OR

    curl https://my-website.com:443
    

    I get the error:

    curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
    

    I checked my configuration file for the website (my-website.conf) and it seemed fine.

    Here’s how I fixed it:

    I figured that I did not have the configuration file for the website (my-website.conf) in the /etc/apache2/sites-enabled directory. So the configuration was not enabled.

    All I had to do was to symlink the my-website.conf to the /etc/apache2/sites-enabled directory this:

    sudo ln -s /etc/apache2/sites-available/my-website.conf /etc/apache2/sites-enabled/my-website
    

    Next, I listed the contents of the /etc/apache2/sites-enabled directory to be sure that the configuration file for the website (my-website.conf) was there:

    ls /etc/apache2/sites-enabled/
    

    Finally, I restarted the apache2 web server:

    sudo systemctl restart apache2
    

    That’s all.

    I hope this helps

    Login or Signup to reply.
  3. In my case it was my NAT configuration pointing to the wrong internal port. UI allow writing source/dist ports with coma separator but it was not associative (source=80,443 and dest=80,443 redirect all packets to 80).

    In this scenario, Apache configuration was valid and access logs keep trace of the request but with no more information about the ports configuration issue. The response was a code 400 for Bad request :

    x.x.x.x - - [25/Aug/2021:09:06:23 +0000] "x16x03x01x02" 400 0 "-" "-"
    

    BONUS : For an easier debugging process of TLS, I used openssl s_client instead of curl for checking SSL configuration

    openssl s_client -connect example2-domain.com:443
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search