edgren,
@edgren@fosstodon.org avatar

Having big issues with my Apache based web server! I get SSL_ERROR_RX_RECORD_TOO_LONG and I can't fix it!

Everything worked flawlessly 1 hour ago. I copied the updated and more secured .conf file from one of my domains and replaced it with the old one (backed up everything first, of course). After that, I get that error on all of my domains!

I have zero clue how to fix this!

Need to take a break from this now 😔 But if anyone have any clue how to fix this, please let me know.

martijn,
@martijn@ieji.de avatar

@edgren I think this is related to all hosts not having a unique IP address, and sni being disabled.

NameVirtualHost *:443 should be in your Apache conf to enable sni. Or you should force all domains to unique addresses

edgren,
@edgren@fosstodon.org avatar

@martijn "sni"? What's that?

The thing is that I haven't touched any configuration since last night. And back then, I have only added some security stuff to my apache2.conf file. Please see screenshots. The commented lines are the new lines from last night.

image/png

martijn,
@martijn@ieji.de avatar

@edgren SNI tells the server which domain to request. I can't see anything wrong with these screenshots.

Could you try to see if the word "NameVirtualHost *:443" is in there? Because I think it should. (Otherwise try adding it and restart apache)

edgren,
@edgren@fosstodon.org avatar

@martijn Ok, thank you for the explaination.

I added NameVirtualHost *:443 above <Directory /> and restarted Apache. No difference 😕

martijn,
@martijn@ieji.de avatar

@edgren hm, there are no other pointers in the apache log?

edgren,
@edgren@fosstodon.org avatar

@martijn Basically only this:

AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.

Besides that, few PHP module errors ([insert thing here] already loaded) and a PHP Startup: Unable to load dynamic library 'pdo_sqlite'.

martijn,
@martijn@ieji.de avatar

@edgren the php message probably means php-sqlite isn't installed. It might be that you have to resolve the HTTP/2 message for your SSL error. No guarantee, but this configuration might be misbehaving.

You could try "a2dismod http2", to disable http2 fully, to see if that clears up the issue (this wil give you http 1.1 support only).

martijn,
@martijn@ieji.de avatar

@edgren that could possibly be "a2disconf http" btw, I don't remember, and don't have an apache conf at hand. Either of those 2 commands should be the working one for that.

edgren,
@edgren@fosstodon.org avatar

@martijn I have had support for HTTP2 before. Had Protocols h2 http/1.1 since before. Added h2c last night.

Disabling proxy_http2 and after that http2 (was required to disable proxy_http2 first) and then restart Apache didn't solve the issue.

Removing h2c from the config file for a domain didn't solve the issue either. I knew it wouldn't do any difference, but I wanted to try 😆

martijn,
@martijn@ieji.de avatar

@edgren too bad. I'm at the end of my suggestions to try :(

edgren,
@edgren@fosstodon.org avatar

@martijn The issue is now fixed. Please see https://fosstodon.org/@edgren/111749802126569868 and the previous toot for the link to the config file.

martijn,
@martijn@ieji.de avatar

@edgren i see, glad that you are able to resolve it. Wouldn't have looked at the rewriterule

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • ngwrru68w68
  • rosin
  • GTA5RPClips
  • osvaldo12
  • love
  • Youngstown
  • slotface
  • khanakhh
  • everett
  • kavyap
  • mdbf
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • megavids
  • InstantRegret
  • normalnudes
  • tacticalgear
  • cubers
  • ethstaker
  • modclub
  • cisconetworking
  • Durango
  • anitta
  • Leos
  • tester
  • provamag3
  • JUstTest
  • All magazines
    •