Discussion:
Apache responding with wrong protocol
f***@gmail.com
2018-01-31 17:47:33 UTC
I'm trying to set up Apache 2.4.25 with a Let's Encrypt certificate on Raspbian Stretch. However, I can't get SSL working. Apache keeps responding with a 400 using HTTP instead of doing the SSL handshake. What's most confusing is that the log produces lines like:

hostname:80 148.72.168.62 - - [31/Jan/2018:18:23:13 +0100] "\x16\x03\x01" 400 0 "-" "-"

i.e. it says the request was coming in through port 80, even though it didn't. I changed my configuration to include 'Listen 443 https' and disabled the default listener on port 80. I made sure no process is listening on 80 and Apache is indeed bound to 443, but it still logs port 80 and responds with 400. I tried other ports as well. I verified the requests were coming in through the right port using "sudo nc -l <port>" while Apache was stopped.

SSLEngine is on, mod_ssl is enabled, and the paths for the certificate have been set up by certbot.

Any help would be appreciated.
f***@gmail.com
2018-02-13 09:06:27 UTC
Solved by replacing _default_:443 with *:443 in default-ssl.conf.
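
The symptom in this thread can be spotted in logs automatically. The following is an added example, not part of the original posts: it scans access-log lines in the Debian/Raspbian `vhost_combined` layout (assumed from the log line quoted above) for TLS ClientHello bytes that Apache parsed as a plain-HTTP request. The function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: vhost:port client ident user [time] "request" status ...
# The port shown is %p, the canonical port of the vhost that served the
# request, not necessarily the port the connection arrived on.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)
# Apache escapes non-printable bytes as \xhh. 0x16 is the TLS handshake
# record type; 0x03 0x00..0x04 is the record-layer version.
TLS_HELLO_RE = re.compile(r'^\\x16\\x03(?:\\x0[0-4])?')

def find_tls_on_plain_vhost(lines):
    """Return (vhost, port, client, time) for each TLS handshake that was
    answered with 400 by a vhost that is not speaking TLS."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log layout
        if m["status"] == "400" and TLS_HELLO_RE.match(m["request"]):
            hits.append((m["vhost"], int(m["port"]), m["client"], m["time"]))
    return hits

def summarize(hits):
    """Count hits per (vhost, canonical port) to show which vhost needs fixing."""
    return Counter((vhost, port) for vhost, port, _, _ in hits)

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE_LOG = [
    r'hostname:80 148.72.168.62 - - [31/Jan/2018:18:23:13 +0100] "\x16\x03\x01" 400 0 "-" "-"',
    r'example.test:443 192.0.2.10 - - [31/Jan/2018:18:24:02 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.52.1"',
    r'hostname:80 203.0.113.5 - - [31/Jan/2018:18:25:40 +0100] "\x16\x03\x01\x02" 400 0 "-" "-"',
    r'hostname:80 198.51.100.7 - - [31/Jan/2018:18:26:11 +0100] "\x03" 400 0 "-" "-"',
]

if __name__ == "__main__":
    for (vhost, port), count in summarize(find_tls_on_plain_vhost(SAMPLE_LOG)).items():
        print(f"{count} TLS handshake(s) handled as plain HTTP by vhost {vhost}:{port}")
```

A non-empty result means TLS clients are reaching a listener whose connections are being handled by a virtual host without SSL enabled, which is the mismatch the `_default_:443` to `*:443` change resolved here.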
d***@gmail.com
2018-04-12 18:52:20 UTC
Post by f***@gmail.com
hostname:80 148.72.168.62 - - [31/Jan/2018:18:23:13 +0100] "\x16\x03\x01" 400 0 "-" "-"
i.e. it says the request was coming in through port 80, even though it didn't. I changed my configuration to include 'Listen 443 https' and disabled the default listener on port 80. I made sure no process is listening on 80 and Apache is indeed bound to 443, but it still logs port 80 and responds with 400. I tried other ports as well. I verified the requests were coming in through the right port using "sudo nc -l <port>" while Apache was stopped.
SSLEngine is on, mod_ssl is enabled, and the paths for the certificate have been set up by certbot.
Any help would be appreciated.