SSL and Apache2 Error

Cherimos · September 10, 2021, 11:15am

Hi Community,

I've been running into a problem for several hours that I can't figure out.

I have an Ubuntu server version 18.04 and apache2 to display web pages. I am using port 8080 for http and port 4443 for https. The http version works properly but https not.
Network settings and ports are set correctly.
I have tested the SSL connection with an SSL check and the result is positive.
The SSL is installed properly and there are no errors. But when loading the page I get the following message.

This site can’t provide a secure connection

domain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

I am using the following config

nano /etc/apache2/sites-available/000-default.conf

<VirtualHost *:8880>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/domain

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:4443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ca_bundle.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCertificateChainFile /etc/apache2/ssl/ca_bundle.crt

ServerAdmin webmaster@localhost
DocumentRoot /var/www/domain

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
</ifModule>

nano /etc/apache2/ports.conf

Listen 0.0.0.0:8880
Listen 0.0.0.0:4443

<IfModule ssl_module>
Listen 0.0.0.0:4443
</IfModule>

<IfModule mod_gnutls.c>
Listen 0.0.0.0:4443
</IfModule>

I think the issue is the line with
Listen 0.0.0.0:4443
That the HTTPS protocol is getting loaded within HTTP?
If I uncomment this line, apache2 does not listen any more on port 4443.
So no connection any more.

Am I missing something in apache2?

Thank you in advance.

Neo · September 10, 2021, 11:24am

SSL cert providers only provide certs for port 443, FYI.

For example , LetsEncrypt certs work only on port 443 (unless they changed something in the last few years, which I doubt they did).

Did you try port 443 first and get it working?

Cherimos · September 10, 2021, 11:48am

@Neo Thanks for your comment.
Ports such as 443, 4443, 2053, 8443 and a few other ports are also supported by the browsers as SSL ports. I have often applied this in the past, but this is done via NGINX instead of Apache2.
I also tried port 443 but I get the exact same message.

Cherimos · September 10, 2021, 12:25pm

I found the issue, it's the wrong cert.file, I have 2 ca bundle included. I replaced it and everything works fine. But strange that multiple SSL checkers websites said everything was fine