I have the following setup:
- Apache 2.4
- Ubuntu 16.04 LTS
- letsencrypt / certbot
Now, as soon as I enable the following .conf on the default server, all my configured top-level domains receive an SSL_ERROR_RX_RECORD_TOO_LONG error. If I disable this config, everything works as expected.
Because of this, I am sure Apache listens on the correct ports and the correct IPs, and letsencrypt/certbot is set up correctly.

    <VirtualHost _default_:443>
        DocumentRoot "/var/www/html"
        <Directory "/var/www/html">
            Require all denied
        </Directory>
    </VirtualHost>

Changing this to

    <VirtualHost _default_:443>
        DocumentRoot "/var/www/html"
        <Directory "/var/www/html">
            Require all granted
        </Directory>
    </VirtualHost>

has not solved the problem.

    apache2ctl -S

shows the expected results: 001-default-ssl.conf and 001-default.conf are the defaults for port 80 and port 443.

    openssl s_client -connect workingdomain.tld:443

prints:

    CONNECTED(00000003)
    139991513372312:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 305 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1515852550
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---

Again, as soon as I disable this config, every domain configured with certbot/letsencrypt works as expected.
I don't get this: since I am basically blocking only the default server, all my other domains should be unaffected by this setting.
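
A check worth running on a configuration like this, added here as an example and not part of the original post: both `<VirtualHost _default_:443>` blocks above contain no `SSLEngine on`, and a vhost on port 443 without it answers in plain HTTP rather than TLS, which is one thing to rule out. `SAMPLE_CONF`, `example.tld`, its certificate path and `vhosts_without_tls` are constructed for illustration.

```python
import re

# Constructed sample: the default vhost from the post plus a hypothetical
# certbot-style vhost (example.tld and its certificate path are placeholders).
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    DocumentRoot "/var/www/html"
    <Directory "/var/www/html">
        Require all denied
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName example.tld
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.tld/fullchain.pem
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
SSL_ENGINE = re.compile(r"^\s*SSLEngine\s+(\S+)", re.I)


def vhosts_without_tls(conf_text, port="443"):
    """Return (line_number, address) for each vhost on `port` lacking `SSLEngine on`."""
    findings = []
    current = None  # [line_number, addresses, ssl_enabled] of the open vhost
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out directives
        m = VHOST_OPEN.match(line)
        if m:
            current = [lineno, m.group(1).split(), False]
        elif current and (m := SSL_ENGINE.match(line)):
            current[2] = m.group(1).strip('"').lower() == "on"
        elif current and VHOST_CLOSE.match(line):
            start, addrs, ssl_on = current
            if not ssl_on:
                findings += [(start, a) for a in addrs if a.rsplit(":", 1)[-1] == port]
            current = None
    return findings


if __name__ == "__main__":
    for lineno, addr in vhosts_without_tls(SAMPLE_CONF):
        print(f"line {lineno}: <VirtualHost {addr}> has no 'SSLEngine on'")
```

The function takes the text of one configuration file, so each file under the enabled-sites directory is checked separately.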