SSL23_GET_SERVER_HELLO:unknown protocol


SSL23_GET_SERVER_HELLO:unknown protocol



I have read all postings on this error, and tried all the answers, but problem is still not resolved.



Running Debian 8 virtual machine created by Google Cloud Platform, created a Self-Signed SSL and configured the default-ssl file as per instructions, and still getting error when connecting to port 443. Here is the command that I ran and the message that I got. Any insightful help would be welcome:


openssl s_client -connect localhost:443


140700056811152:error:140770FC:SSL routines: :s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1530501490
Timeout : 300 (sec)
Verify return code: 0 (ok)





"I have read all postings on this error, and tried all the answers, but problem is still not resolved." - which says absolutely nothing about what you've really tried and thus is not helpful in narrowing down the problem. "...configured the default-ssl file as per instructions" - which says nothing about your configuration either since it is unknown which instructions you've followed. Chances are thus high that you either followed the wrong instructions or that you've followed the instructions wrong.
– Steffen Ullrich
Jul 2 at 3:45






localhost:443 seems suspicious as a destination... You do not really need TLS to protect a communication that does not leave the server at all.
– Patrick Mevzek
Jul 2 at 15:01


localhost:443





Please see my answer to my own question below.
– Aaron V.
Jul 4 at 17:45





1 Answer
1



Steffen, you're right; I tried to avoid redundant info, but the devil is in the detail and needed to mention. Thank you for your review and insightful comment.



The good news is that the issue is resolved and here is what I did, in detail, so that those like me who get stuck, can benefit from my experience:



In my most recent attempt that turned out to be successful, I followed the instructions for Apache on this page:



https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority



What made it different this time is the following:



I included reference to the intermediate certificate (the gd_xxxx_bundle.crt file, which I renamed it to ca-buncle.crt) in my default-ssl.conf file which is:



#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt



In Wordpress Admin, under Settings/General, the WordPress Address (URL) and Site Address (URL) were pointing to the IP address (before I mapped it to the domain in the DNS). I changed it to https://domainname.com (contrary to some articles that mention editing wp-config.php would do, which I did and it threw me out of wp-admin)



Not sure if the following two edits have an impact on the result, but I have no desire to experiment further with it, but sharing it with you nevertheless:



I added ServerName to



/etc/apache2/sites-enabled/wordpress.conf
/etc/apache2/sites-enabled/default-ssl
/etc/apache2/sites-available/000-default.conf



Finally, there is a site that checks for the certificate:



https://decoder.link/sslchecker//443



That may shed some light on the issue if the certificate doesn't work.



Cheers.






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Popular posts from this blog

Rothschild family

Cinema of Italy