Jump to content
Froxlor Forum

Letsencrypt SSL_ERROR_RX_RECORD_TOO_LONG


JuKu

Recommended Posts

Posted

Hello everybody,

 

I try to configure a letsencrypt certificate for one of my domains https://jukusoft.com , certificates are already generated by froxlor, but i get this error, if i browse the domain with firefox:

SSL_ERROR_RX_RECORD_TOO_LONG

 

If i search with google there are many threads about this topic, but there isn't any solution for this.

Also there is no good tutorial on froxlor sites. Because i dont know if this is a bug or only a issue about a not-existent documentation, i havent created a issue on github yet.

I also doesnt get any results by your forum search. If this is the wrong forum, please move my topic to the right! thanks!

 

If i try to execute "openssl s_client -showcerts -connect jukusoft.com:443 -servername jukusoft.com" i get this output:

CONNECTED(00000003)
140505437533840:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 310 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1521806504
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

 

I have also configured IP / Port settings:

dd.thumb.PNG.70720f5fcd7a07000e2c64a6d207f42e.PNG

ddKopie.thumb.PNG.92d0d3b336f996f1b3fae88324917f43.PNG

dd.thumb.PNG.9cc821acb106d182f668f4cb5a295ec8.PNG

 

Domain Settings:

dd.thumb.PNG.d7fdcfca32dd668d301eded847a34066.PNG

 

ddKopie.thumb.PNG.e1722a41e04545189f7e17a5710e2060.PNG

 

Where is the problem?
And please, can you write a good tutorial / documentation for SSL & letsencrypt configuration for froxlor?

Posted

The ssl-enabled IP/Port needs a certificate too, specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings). You also have to activate "generate Vhost container" in the ip/port for this to work

Posted

@d00p Thanks for this fast answer!

 

vor 5 Stunden schrieb d00p:

The ssl-enabled IP/Port needs a certificate too

How do i get this certificate? Can i generate this or also get a certificate from letsencrypt?

 

vor 5 Stunden schrieb d00p:

specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings).

 

I have already specified this in global ssl settings:

dd.thumb.PNG.db439cd7ac1e9bc75181a3886d683d6a.PNG

ddKopie.thumb.PNG.3eff33ea3ecbac24d381193cdd1b402a.PNG

 

Is this right?

Posted

You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought

Posted

Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required

Posted
Am 25.3.2018 um 08:27 schrieb d00p:

You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought

Thanks for your answer again!
Can i also use a lets encrypt certificate for this?

Or have i really generate a selfsigned certificate?

 

If yes, how can i do this?

openssl req -new > new.ssl.csr

openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days NNN
cp new.cert.cert /etc/ssl/certs/server.crt
cp new.cert.key /etc/ssl/private/server.key

 

Am 25.3.2018 um 08:28 schrieb d00p:

Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required

I have done this, but it doesnt works.

Posted
42 minutes ago, JuKu said:

I have done this, but it doesnt works.

It doesnt work is not an error message...please post logs or error messages.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...