The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

https/SSL Error Code -12263

Discussion in 'General Discussion' started by hm2k, May 18, 2007.

  1. hm2k

    hm2k Well-Known Member

    Joined:
    Jul 19, 2005
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    I'm getting this error whenever I try any domain via https on any cPanel servers.

    https://hostname/
    https://example.com/

    Any of them all produce the same results.

    In firefox I get the following message:
    =======================
    -Alert-
    hostname has sent an incorrect or unexpected message. Error Code -12263
    =======================
    [​IMG]

    In IE6 however, we see the following standard error message page...
    =======================
    The page cannot be displayed
    ...
    Cannot find server or DNS Error
    Internet Explorer
    =======================

    I read on another thread to check my /etc/httpd/conf/httpd.conf for <IfDefine SSL>

    re: http://forums.cpanel.net/showthread.php?t=62839

    BUT, my httpd.conf defiantly has the following:
    ...
    <IfDefine SSL>
    AddModule mod_ssl.c
    </IfDefine>
    ...
    <IfDefine SSL>
    Listen 80
    Listen 443
    </IfDefine>
    ...
    <IfDefine SSL>
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    </IfDefine>

    <IfModule mod_ssl.c>

    SSLPassPhraseDialog builtin

    SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
    SSLSessionCacheTimeout 300

    SSLMutex file:/usr/local/apache/logs/ssl_mutex

    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

    SSLLog /usr/local/apache/logs/ssl_engine_log
    SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
    SSLSessionCacheTimeout 300

    SSLMutex file:/usr/local/apache/logs/ssl_mutex

    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

    SSLLog /usr/local/apache/logs/ssl_engine_log
    SSLLogLevel info

    </IfModule>

    <IfDefine SSL>



    </IfDefine>


    There's plenty more, I don't see where the problem could possibly be.

    I checked my /usr/local/apache/logs/error_log, which seems to have the following each time I try a https lookup...

    [Fri May 18 16:01:22 2007] [error] [client my.ip.address] Invalid method in request \\x16\\x03\\x01

    I can't work out the problem, what could the problem be?

    Help!
     
  2. visiox

    visiox Well-Known Member

    Joined:
    Jan 19, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Hi there,

    did you installed the SSL-certs for your domains?
    how is your domain-config within httpd.conf looking?
     
  3. hm2k

    hm2k Well-Known Member

    Joined:
    Jul 19, 2005
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    SSL-certs I assumed so... How exactly can I check?

    domain-config within httpd.conf? It looks fine, everything else on the domains works fine, apart from https...

    Thanks for your help, please advise further.
     
  4. visiox

    visiox Well-Known Member

    Joined:
    Jan 19, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Hi there,

    ok, let's see... apache is compiled and installed to deal with ssl cert's.
    BUT, it's up to YOU which domain has a (valid) cert installed and for which domain you have a (proper) configuration inside http.conf

    e.g.

    <VirtualHost 1.2.3.4:443>
    ServerAlias yourdomain.com
    ServerAdmin nospam@yourdomain.com
    DocumentRoot /home/yourdomain/public_html
    BytesLog domlogs/yourdomain.com-bytes_log
    <IfModule mod_php4.c>
    #php_admin_value open_basedir "/home/yourdomain/:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule mod_php5.c>
    #php_admin_value open_basedir "/home/yourdomain/:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    User yourduser
    Group youruser
    ServerName www.yourdomain.com
    CustomLog /usr/local/apache/domlogs/yourdomain.com combined
    ScriptAlias /cgi-bin/ /home/yourdomain/public_html/cgi-bin/
    SSLEngine on
    SSLCertificateFile /usr/local/apache/conf/ssl.crt/yourdomain.com.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/yourdomain.com.key

    </VirtualHost>



    maybe you should have a look at your WHM -> SSL/TLS
     
    #4 visiox, May 18, 2007
    Last edited: May 18, 2007
  5. hm2k

    hm2k Well-Known Member

    Joined:
    Jul 19, 2005
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    According to WHM, apache is compiled with "SSL Module (Version 2.8.28)".

    I understand that domains in the httpd.conf should accept ssl connections, however cPanel should automatically organise this for me.

    As far as I can see, this is not the problem, the httpd.conf is fine.

    The next issue is that for https to work, you don't NEED a certificate, although its recommended to authentication, its not a requirement, at least to my understanding.

    I understand that often for a true certificate you need to purchase one via a third party anyway.

    However, at present I'm just trying to get it to work, without purchasing a third party cert.

    The question is, what steps do I need to take to get this to work?
     
  6. jrehmer

    jrehmer Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    287
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Denver, CO
    First if you want to run SSL on a site, you MUST have a certificate. It doesn't have to be signed, but you definitely need a certificate, whoever told you it wasn't a requirement is wrong. You also need to setup the certificate under each domain. Simply turning SSL support on doesn't do anything, you must attach a valid certificate to the site before SSL will work.
     
  7. hm2k

    hm2k Well-Known Member

    Joined:
    Jul 19, 2005
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Not signed is what i'm thinking of...

    But as I said, the question is, what steps do I need to take to get this to work?
     
  8. jrehmer

    jrehmer Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    287
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Denver, CO
    Generate a self-signed certificate and use WHM/cPanel to install the certificate.
     
  9. intel352

    intel352 Well-Known Member

    Joined:
    Nov 25, 2003
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    NC, USA
    I had a similar issue. In my case, I was upgrading an existing server that had 2 accounts already setup with proper SSL certs.

    It turns out the problem was the default VirtualHost directives. I had each Cert bound to it's own IP. At the top of the httpd.conf were default virtualhost directives that were essentially placeholders I reckon, and supposedly the virtualhost entries at the bottom of the conf file would override the ones at the top. Apparently this didn't work as planned :)

    I just commented out the virtualhosts that looked like the following:
    Code:
    #<VirtualHost 11.11.11.1:443>
    #    ServerName cp.example.com
    #    DocumentRoot /usr/local/apache/htdocs
    #    ServerAdmin admin@example.com
    #</VirtualHost>
    
    # DO NOT EDIT. AUTOMATICALLY GENERATED
    
    #<VirtualHost 22.22.22.2:443>
    #    ServerName cp.example.com
    #    DocumentRoot /usr/local/apache/htdocs
    #    ServerAdmin admin@example.com
    #</VirtualHost>
    
     
  10. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    SSL cert was OK - now returns 12263 error

    I have a cert that had been working fine since April 2007. It now returns the "incorrect or unexpected message" 12263 error code.

    Here is the approprtiate portion of httpd.conf as created automatically by WHM:

    <IfDefine SSL>
    <VirtualHost ##.#.##.##:443>
    ServerAdmin webmaster@xyz.com
    DocumentRoot /home/xyz/public_html
    BytesLog domlogs/xyz.com-bytes_log
    ServerName www.xyz.com
    UserDir public_html

    <IfModule mod_userdir.c>
    Userdir disabled
    Userdir enabled xyz
    </IfModule>

    <IfModule mod_php4.c>
    php_admin_value open_basedir "/home/xyz:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule mod_php5.c>
    php_admin_value open_basedir "/home/xyz:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>

    User xyz
    Group xyz
    ScriptAlias /cgi-bin/ /home/xyz/public_html/cgi-bin/

    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/www.xyz.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/www.xyz.com.key
    SSLCACertificateFile /usr/share/ssl/certs/www.xyz.com.cabundle
    SSLLogFile /usr/local/apache/domlogs/www.xyz.com-ssl_data_log
    CustomLog /usr/local/apache/domlogs/www.xyz.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>


    How to fix? Ideas?
     
  11. rligg

    rligg Well-Known Member

    Joined:
    Sep 16, 2003
    Messages:
    277
    Likes Received:
    0
    Trophy Points:
    16
    Were you able to fix this? If so, how did you do it?
     
  12. innsites

    innsites Well-Known Member

    Joined:
    Nov 30, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    6
    Hmmm....not sure if I remember.

    I believe that I looked at a copy in offsite backup and removed the problematic virtual host from the active file and hand edited it to contain the text from the known working one in backup. I had not made the changes that broke the working SSL - it happened as a fluke but I was able to restore it to working order.
     
  13. rligg

    rligg Well-Known Member

    Joined:
    Sep 16, 2003
    Messages:
    277
    Likes Received:
    0
    Trophy Points:
    16
    Thanks. My problem I created. I gave the server wide cert which matched the server name the shared ip address of the server. Thi was not the same ip as the server ip. Once I reinstalled the cert with the server ip, the problem was corrected.
     
Loading...

Share This Page