Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Can't connect to website via SSL

Discussion in 'Security' started by ClandestineMG, May 28, 2019.

  1. ClandestineMG

    ClandestineMG Registered

    Joined:
    May 28, 2019
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Philippines
    cPanel Access Level:
    Root Administrator
    Hi! I'm encountering a very weird problem. I have a dedicated server running 2 Magento websites simultaneously. Site 1 runs with no problems, while site 2 returns an SSL error.

    Here's the <VirtualHost> blocks I've included in the Pre Main Include section of WHM.


    Code:
    <VirtualHost 97.74.xxx.xxx:8080>
        ServerName www.example-domain.com
        ServerAlias example-domain.com
        DocumentRoot /home/example/public_html
        DirectoryIndex index.php
        ServerAdmin [email protected]
        UseCanonicalName Off
        ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
        <Directory /home/example/public_html>
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
    
    <VirtualHost 97.74.xxx.xxx:8080>
        ServerName example-domain2.com
        DocumentRoot /home/example2/public_html
        DirectoryIndex index.php
        ServerAdmin [email protected]
        UseCanonicalName Off
        ScriptAlias /cgi-bin/ /home/example2/public_html/cgi-bin/
        <Directory /home/example2/public_html>
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
    
    <VirtualHost 97.74.xxx.xxx:443>
        ServerAdmin [email protected]
        ServerName www.example-domain.com
        LogLevel warn
        ErrorLog /var/log/apache2/example-domain.com-ssl-error.log
        CustomLog /var/log/apache2/example-domain.com-ssl-access.log combined
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:6081/
        ProxyPassReverse / http://127.0.0.1:6081/
        RequestHeader set X-Forwarded-Port "443"
        RequestHeader set X-Forwarded-Proto "https"
        SSLEngine On
        SSLCertificateFile /ssl/example-domain.crt
        SSLCertificateKeyFile /ssl/example-domain-key.txt
        SSLCertificateChainFile /ssl/example-domain.ca-bundle
    </VirtualHost>
    
    <VirtualHost 97.74.xxx.xxx:443>
        ServerAdmin [email protected]
        ServerName example-domain2.com
        LogLevel warn
        ErrorLog /var/log/apache2/example-domain2.com-ssl-error.log
        CustomLog /var/log/apache2/example-domain2.com-ssl-access.log combined
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:6081/
        ProxyPassReverse / http://127.0.0.1:6081/
        RequestHeader set X-Forwarded-Port "443"
        RequestHeader set X-Forwarded-Proto "https"
        SSLEngine On
        SSLCertificateFile /ssl/example-domain2.com.crt
        SSLCertificateKeyFile /ssl/example-domain2-key.txt
        SSLCertificateChainFile /ssl/example-domain2.ca-bundle
    </VirtualHost>
    I tried to check their connections via OpenSSL, the first website returns an OK status. The second website returns this:


    Code:
    CONNECTED(00000003)
    >>> ??? [length 0005]
        16 03 01 01 38
    >>> TLS 1.3, Handshake [length 0138], ClientHello
        01 00 01 34 03 03 8d 97 f4 5a ca 07 58 0a 5d 7b
        aa 12 c0 ff 80 24 da 3d 0c 1b 7d 00 f4 55 46 48
        e3 da 4a e3 49 14 20 76 43 11 a1 15 f3 d4 0f c8
        03 41 b0 87 4f 4c 3e bf e6 b5 f4 77 12 ac 5b 9f
        b5 69 4e c6 a0 d8 f0 00 3e 13 02 13 03 13 01 c0
        2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
        9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
        14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
        3c 00 35 00 2f 00 ff 01 00 00 ad 00 00 00 14 00
        12 00 00 0f 6d 61 6e 67 6a 6f 68 6e 6e 79 73 2e
        63 6f 6d 00 0b 00 04 03 00 01 02 00 0a 00 0c 00
        0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00
        16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 05
        03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08
        05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02
        01 03 02 02 02 04 02 05 02 06 02 00 2b 00 09 08
        03 04 03 03 03 02 03 01 00 2d 00 02 01 01 00 33
        00 26 00 24 00 1d 00 20 00 9a 38 3a a8 ef 92 8b
        b2 64 9f 99 9b 1d 94 1c 1d c8 c4 ad d8 28 ca f8
        9e 5f 91 77 19 d7 d0 4e
    <<< ??? [length 0005]
        3c 21 44 4f 43
    139815631066112:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 317 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
     
    #1 ClandestineMG, May 28, 2019
    Last edited by a moderator: May 29, 2019
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,484
    Likes Received:
    187
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    Why was this site added manually to an Apache include instead of adding it as a second domain in whm?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,528
    Likes Received:
    2,180
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @ClandestineMG,

    Can you open a support ticket so we can take a closer look at how Apache is configured? You can post the ticket number here and we'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice