letsencrypt Letsencrypt SSL_ERROR_RX_RECORD_TOO_LONG

[JuKu]

Hello everybody,

 

I try to configure a letsencrypt certificate for one of my domains https://jukusoft.com , certificates are already generated by froxlor, but i get this error, if i browse the domain with firefox:

SSL_ERROR_RX_RECORD_TOO_LONG

 

If i search with google there are many threads about this topic, but there isn't any solution for this.

Also there is no good tutorial on froxlor sites. Because i dont know if this is a bug or only a issue about a not-existent documentation, i havent created a issue on github yet.

I also doesnt get any results by your forum search. If this is the wrong forum, please move my topic to the right! thanks!

 

If i try to execute "openssl s_client -showcerts -connect jukusoft.com:443 -servername jukusoft.com" i get this output:

CONNECTED(00000003)
140505437533840:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 310 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1521806504
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

 

I have also configured IP / Port settings:

 

Domain Settings:

 

 

Where is the problem?
And please, can you write a good tutorial / documentation for SSL & letsencrypt configuration for froxlor?

[d00p]

The ssl-enabled IP/Port needs a certificate too, specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings). You also have to activate "generate Vhost container" in the ip/port for this to work

[JuKu]

@d00p Thanks for this fast answer!

 

vor 5 Stunden schrieb d00p:

The ssl-enabled IP/Port needs a certificate too

How do i get this certificate? Can i generate this or also get a certificate from letsencrypt?

 

vor 5 Stunden schrieb d00p:

specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings).

 

I have already specified this in global ssl settings:

 

Is this right?

[d00p]

You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought

[d00p]

Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required

[JuKu]

Am 25.3.2018 um 08:27 schrieb d00p:

You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought

Thanks for your answer again!
Can i also use a lets encrypt certificate for this?

Or have i really generate a selfsigned certificate?

 

If yes, how can i do this?

openssl req -new > new.ssl.csr

openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days NNN
cp new.cert.cert /etc/ssl/certs/server.crt
cp new.cert.key /etc/ssl/private/server.key

 

Am 25.3.2018 um 08:28 schrieb d00p:

Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required

I have done this, but it doesnt works.

[d00p]

42 minutes ago, JuKu said:

I have done this, but it doesnt works.

It doesnt work is not an error message...please post logs or error messages.