https/SSL Error Code -12263

hm2k

Well-Known Member
Jul 19, 2005
93
0
156
I'm getting this error whenever I try any domain via https on any cPanel servers.

https://hostname/
https://example.com/

Any of them all produce the same results.

In firefox I get the following message:
=======================
-Alert-
hostname has sent an incorrect or unexpected message. Error Code -12263
=======================


In IE6 however, we see the following standard error message page...
=======================
The page cannot be displayed
...
Cannot find server or DNS Error
Internet Explorer
=======================

I read on another thread to check my /etc/httpd/conf/httpd.conf for <IfDefine SSL>

re: http://forums.cpanel.net/showthread.php?t=62839

BUT, my httpd.conf defiantly has the following:
...
<IfDefine SSL>
AddModule mod_ssl.c
</IfDefine>
...
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
...
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfModule mod_ssl.c>

SSLPassPhraseDialog builtin

SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300

SSLMutex file:/usr/local/apache/logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SSLLog /usr/local/apache/logs/ssl_engine_log
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300

SSLMutex file:/usr/local/apache/logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SSLLog /usr/local/apache/logs/ssl_engine_log
SSLLogLevel info

</IfModule>

<IfDefine SSL>



</IfDefine>


There's plenty more, I don't see where the problem could possibly be.

I checked my /usr/local/apache/logs/error_log, which seems to have the following each time I try a https lookup...

[Fri May 18 16:01:22 2007] [error] [client my.ip.address] Invalid method in request \\x16\\x03\\x01

I can't work out the problem, what could the problem be?

Help!
 

hm2k

Well-Known Member
Jul 19, 2005
93
0
156
SSL-certs I assumed so... How exactly can I check?

domain-config within httpd.conf? It looks fine, everything else on the domains works fine, apart from https...

Thanks for your help, please advise further.
 

visiox

Well-Known Member
Jan 19, 2004
49
0
156
Hi there,

ok, let's see... apache is compiled and installed to deal with ssl cert's.
BUT, it's up to YOU which domain has a (valid) cert installed and for which domain you have a (proper) configuration inside http.conf

e.g.

<VirtualHost 1.2.3.4:443>
ServerAlias yourdomain.com
ServerAdmin [email protected]
DocumentRoot /home/yourdomain/public_html
BytesLog domlogs/yourdomain.com-bytes_log
<IfModule mod_php4.c>
#php_admin_value open_basedir "/home/yourdomain/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule mod_php5.c>
#php_admin_value open_basedir "/home/yourdomain/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User yourduser
Group youruser
ServerName www.yourdomain.com
CustomLog /usr/local/apache/domlogs/yourdomain.com combined
ScriptAlias /cgi-bin/ /home/yourdomain/public_html/cgi-bin/
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/yourdomain.com.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/yourdomain.com.key

</VirtualHost>



maybe you should have a look at your WHM -> SSL/TLS
 
Last edited:

hm2k

Well-Known Member
Jul 19, 2005
93
0
156
According to WHM, apache is compiled with "SSL Module (Version 2.8.28)".

I understand that domains in the httpd.conf should accept ssl connections, however cPanel should automatically organise this for me.

As far as I can see, this is not the problem, the httpd.conf is fine.

The next issue is that for https to work, you don't NEED a certificate, although its recommended to authentication, its not a requirement, at least to my understanding.

I understand that often for a true certificate you need to purchase one via a third party anyway.

However, at present I'm just trying to get it to work, without purchasing a third party cert.

The question is, what steps do I need to take to get this to work?
 

jrehmer

Well-Known Member
Apr 10, 2003
286
0
166
Denver, CO
According to WHM, apache is compiled with "SSL Module (Version 2.8.28)".

I understand that domains in the httpd.conf should accept ssl connections, however cPanel should automatically organise this for me.

As far as I can see, this is not the problem, the httpd.conf is fine.

The next issue is that for https to work, you don't NEED a certificate, although its recommended to authentication, its not a requirement, at least to my understanding.

I understand that often for a true certificate you need to purchase one via a third party anyway.

However, at present I'm just trying to get it to work, without purchasing a third party cert.

The question is, what steps do I need to take to get this to work?
First if you want to run SSL on a site, you MUST have a certificate. It doesn't have to be signed, but you definitely need a certificate, whoever told you it wasn't a requirement is wrong. You also need to setup the certificate under each domain. Simply turning SSL support on doesn't do anything, you must attach a valid certificate to the site before SSL will work.
 

hm2k

Well-Known Member
Jul 19, 2005
93
0
156
Not signed is what i'm thinking of...

But as I said, the question is, what steps do I need to take to get this to work?
 

intel352

Well-Known Member
Nov 25, 2003
55
0
156
NC, USA
I had a similar issue. In my case, I was upgrading an existing server that had 2 accounts already setup with proper SSL certs.

It turns out the problem was the default VirtualHost directives. I had each Cert bound to it's own IP. At the top of the httpd.conf were default virtualhost directives that were essentially placeholders I reckon, and supposedly the virtualhost entries at the bottom of the conf file would override the ones at the top. Apparently this didn't work as planned :)

I just commented out the virtualhosts that looked like the following:
Code:
#<VirtualHost 11.11.11.1:443>
#    ServerName cp.example.com
#    DocumentRoot /usr/local/apache/htdocs
#    ServerAdmin [email protected]
#</VirtualHost>

# DO NOT EDIT. AUTOMATICALLY GENERATED

#<VirtualHost 22.22.22.2:443>
#    ServerName cp.example.com
#    DocumentRoot /usr/local/apache/htdocs
#    ServerAdmin [email protected]
#</VirtualHost>
 

innsites

Well-Known Member
Nov 30, 2005
57
0
156
SSL cert was OK - now returns 12263 error

I have a cert that had been working fine since April 2007. It now returns the "incorrect or unexpected message" 12263 error code.

Here is the approprtiate portion of httpd.conf as created automatically by WHM:

<IfDefine SSL>
<VirtualHost ##.#.##.##:443>
ServerAdmin [email protected]
DocumentRoot /home/xyz/public_html
BytesLog domlogs/xyz.com-bytes_log
ServerName www.xyz.com
UserDir public_html

<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled xyz
</IfModule>

<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xyz:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/home/xyz:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>

User xyz
Group xyz
ScriptAlias /cgi-bin/ /home/xyz/public_html/cgi-bin/

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/www.xyz.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/www.xyz.com.key
SSLCACertificateFile /usr/share/ssl/certs/www.xyz.com.cabundle
SSLLogFile /usr/local/apache/domlogs/www.xyz.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/www.xyz.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>


How to fix? Ideas?
 

rligg

Well-Known Member
Sep 16, 2003
275
0
166
I have a cert that had been working fine since April 2007. It now returns the "incorrect or unexpected message" 12263 error code.

Here is the approprtiate portion of httpd.conf as created automatically by WHM:

<IfDefine SSL>
<VirtualHost ##.#.##.##:443>
ServerAdmin [email protected]
DocumentRoot /home/xyz/public_html
BytesLog domlogs/xyz.com-bytes_log
ServerName www.xyz.com
UserDir public_html

<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled xyz
</IfModule>

<IfModule mod_php4.c>
php_admin_value open_basedir "/home/xyz:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/home/xyz:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>

User xyz
Group xyz
ScriptAlias /cgi-bin/ /home/xyz/public_html/cgi-bin/

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/www.xyz.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/www.xyz.com.key
SSLCACertificateFile /usr/share/ssl/certs/www.xyz.com.cabundle
SSLLogFile /usr/local/apache/domlogs/www.xyz.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/www.xyz.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>


How to fix? Ideas?
Were you able to fix this? If so, how did you do it?
 

innsites

Well-Known Member
Nov 30, 2005
57
0
156
Hmmm....not sure if I remember.

I believe that I looked at a copy in offsite backup and removed the problematic virtual host from the active file and hand edited it to contain the text from the known working one in backup. I had not made the changes that broke the working SSL - it happened as a fluke but I was able to restore it to working order.
 

rligg

Well-Known Member
Sep 16, 2003
275
0
166
Thanks. My problem I created. I gave the server wide cert which matched the server name the shared ip address of the server. Thi was not the same ip as the server ip. Once I reinstalled the cert with the server ip, the problem was corrected.