Results 1 to 20 of 20

Thread: SSL not working

  1. #1
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215

    SSL not working

    Hi guys,

    I've been working on a script which requires SSL, and in doing so, I've realised that my SSL is playing up for all domains on my server. I receive the error message: "An error occurred during a connection to www.pxlabs.net.au. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)".

    I am using Apache 2.2 with PHP 5.2.10 along with cPanel/WHM. It used to work, but I assume maybe one of the updates have messed it up? I haven't actually touched anything in the configurations apart from going about the regular updates for cPanel.

    I had a look in the httpd.conf, and I can't see any entries for virtual hosts on port 443.

    Any suggestions?

    Thank you in advance and take care,
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  2. #2
    Jaseeey,


    Check you apache error logs size truncate the log files if excessive diskspace is consumed.

    Try reinstalling SSL certificate if this fails.

  3. #3
    Join Date
    May 2008
    Posts
    340
    This just came to mind while we were debugging SSL for a number of domains in a server. The problem was a log file in /usr/local/apache/logs had grown above 2G in file size. As you may already know, Apache 1.x cannot open/serve files more than 2G as that is the file size limit.

    If I am correct though, >2G file size limit was added in Apache 2.2.x so it should work in your case.

    But just in case, can you paste the output of the following command,

    cd /usr/local/apache/logs
    du -sch *
    Twitter : http://twitter.com/eth1networks
    Contact Us : support[at]eth1.in

  4. #4
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    I put in those commands, and the following output was received:
    Code:
    17M     access_log
    1.1M    error_log
    0       fpcgisock
    4.0K    httpd.pid
    0       modsec_audit.log
    0       modsec_debug_log
    0       ssl_scache.dir
    0       ssl_scache.pag
    4.0K    suexec_log
    4.0K    suexec_log.offset
    904K    suphp_log
    19M     total
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  5. #5
    Join Date
    May 2008
    Posts
    340
    From the output there is no large file, perhaps you can also run the same command under /usr/local/apache/domlogs and paste the output. If the output is large, you can use a service such as http://pastebin.com/
    Twitter : http://twitter.com/eth1networks
    Contact Us : support[at]eth1.in

  6. #6
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    eth1,

    I ran the command in that directory and the total came out to 272K, which seems very small. The server is not in a high traffic environment. I'm just not sure what would have made it randomly stop working..

    Take care,
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  7. #7
    Join Date
    Nov 2005
    Posts
    30
    When you say you realized that "SSL is playing up for all the domains", it makes me suspect that you do not have a dedicated IP for this domain/SSL which would be required.

  8. #8
    Join Date
    Sep 2007
    Posts
    368

    *

    Quote Originally Posted by Jaseeey View Post
    Hi guys,

    I've been working on a script which requires SSL, and in doing so, I've realised that my SSL is playing up for all domains on my server. I receive the error message: "An error occurred during a connection to www.pxlabs.net.au. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)".

    I am using Apache 2.2 with PHP 5.2.10 along with cPanel/WHM. It used to work, but I assume maybe one of the updates have messed it up? I haven't actually touched anything in the configurations apart from going about the regular updates for cPanel.

    I had a look in the httpd.conf, and I can't see any entries for virtual hosts on port 443.

    Any suggestions?

    Thank you in advance and take care,
    FYI

    http://www.mozilla.org/projects/secu...sl/sslerr.html

    check error code detail, its your hosting problem, i also have such things many time reason is only hosting problem. Are you root on the server?

    Thanks,
    Noman

  9. #9
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    falsealarm and nomankhn,

    It is my own VPS and there is no dedicated IP for the SSL. It is not a certified SSL certificate, just a self-signed shared certificate. This server is not in a production environment, so those are unnecessary to me.

    I changed my version of cPanel and now I cannot even access WHM, cPanel or Webmail on the SSL ports.

    Take care,
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  10. #10
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    563
    Quote Originally Posted by Jaseeey View Post
    I changed my version of cPanel and now I cannot even access WHM, cPanel or Webmail on the SSL ports.
    But cPanel/WHM is working over the non-SSL ports (2082 and 2086 respectively)?
    David Grega
    cPanel Technical Product Specialist

  11. #11
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    cPanelDavidG,

    That is correct. Anything that is non-SSL can be accessed without any issues. So far, I cannot access cPanel/WHM or Webmail via SSL, it just gives me a blank HTML document (even source code is blank). And when I try to access domains under SSL, it gives me the error message as stated in the initial post.

    Take care,
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  12. #12
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    563
    Quote Originally Posted by Jaseeey View Post
    cPanelDavidG,

    That is correct. Anything that is non-SSL can be accessed without any issues. So far, I cannot access cPanel/WHM or Webmail via SSL, it just gives me a blank HTML document (even source code is blank). And when I try to access domains under SSL, it gives me the error message as stated in the initial post.

    Take care,
    I had this happen to me once on a test server. Here's the commands I ran as root via SSH to fix the problem:

    Code:
    cd /usr/local/cpanel/src/3rdparty/perl
    make netssleay
    make netssleayinstall
    If that doesn't resolve the issue for you, please let me know if you are running this cPanel within a VPS or on a Dedicated Server.
    Last edited by cPanelDavidG; 07-13-2009 at 02:42 PM. Reason: Better formatting of the commands
    David Grega
    cPanel Technical Product Specialist

  13. #13
    Join Date
    Apr 2004
    Location
    Germany
    Posts
    37
    Apache is simply not encrypting on port 443.
    Compare these:
    http://125.214.73.153:80/cgi-sys/defaultwebpage.cgi
    http://125.214.73.153:443/cgi-sys/defaultwebpage.cgi
    You will realize that you can access both ports using plain HTTP. However, port 443 should only be accessible via SSL (unless TLS 1.1 is used in which case both would be possible if properly configured on the server).

    You can, however, not access any of them through HTTPS:
    https://125.214.73.153:80/cgi-sys/defaultwebpage.cgi
    https://125.214.73.153:443/cgi-sys/defaultwebpage.cgi

    I bet you have one of the following situations:

    * Apache cannot read your certificate
    Your SSL certificate + private key are not where apache is looking for them or are not readable to it or are in an incorrect format

    * There are multiple VirtualHost configurations for SSL on a single IP address but server name indication is not used / not yet supported by this combination of Apache version and SSL implementation/version.
    Last edited by mnaumann; 07-13-2009 at 03:04 PM.

  14. #14
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,087
    Quote Originally Posted by Jaseeey View Post
    It is my own VPS and there is no dedicated IP for the SSL. It is not a certified SSL certificate, just a self-signed shared certificate. This server is not in a production environment, so those are unnecessary to me.

    I changed my version of cPanel and now I cannot even access WHM, cPanel or Webmail on the SSL ports.

    Take care,
    The bold and underlined section of your post is your issue - whether or not you are using a self-signed certificate or a certificate signed by a certificate authority you will need the domain to be on it's own IP for the SSL to work.

    If you want to install a shared SSL certificate what you will do is install the certificate under the username "nobody" on the shared IP.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  15. #15
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    cPanelDavidG,

    After upgrading to an edge release of cPanel, I can now access them again via the SSL ports. I did run the commands after I did that, but they had no effect on the domains on the server.

    mnaumann,

    I think it's more the case of there is no SSL virtual host entry, because I cannot see one in the httpd.conf. Does Apache 2.2 store them elsewhere?

    MikeDVB,

    I have a dedicated IP for the server, but I am using a self-signed certificate under the shared IP. This has always worked for me in the past and has only now began to be of trouble.

    Take care,
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  16. #16
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    cPanelDavidG,

    I returned back to the CURRENT release, and the issue occurred again where the SSL pages were appearing as white. I ran the few commands you pasted and it fixed the issue. I am now running on a CURRENT cPanel version. Now it's just the issue of the domains not working for SSL. I have noticed that one of my friend's servers is having the same problem on the domains - so it must've been something to do with a corrupt update.

    I am leaning more towards that the virtual host entries haven't been made. I will do some digging around and see if I can locate them.

    Take care and thanks for your help so far, to everyone!
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  17. #17
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    Hi guys,

    I've fixed the problem. It seems to be that Apache is not adding the SSL virtual host entries to the httpd.conf file. Unsure why though, because they were there in previous versions. Something appears to have removed them. I guess I will have to add each one manually.

    If anyone has any suggestions to why this may have happened, please do post back.

    Thank you for your support,
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  18. #18
    Join Date
    Apr 2004
    Location
    Germany
    Posts
    37
    Apache has never and will never manage VirtualHost configurations for you, you (or some additional software you use, such as CPanel) need to do this yourself. I do not use CPanel myself,and have little experience with it, so I could not tell what's possibly wrong there.

    As I wrote (indirectly) before, using Server Name Indication (SNI) it is possible to have multiple SSL VirtualHosts using different certificates on a single IP address by now, if Apache 2.2.12 or later and GNU TLS or a sufficiently current release of OpenSSL is used.

    However, this doesn't mean it will work with CPanel.
    Last edited by mnaumann; 07-14-2009 at 07:44 AM.

  19. #19
    Join Date
    Dec 2007
    Location
    Adelaide, AU, Earth
    Posts
    215
    mnaumann,

    I am using cPanel... just like I have mentioned throughout the whole thread.

    Take care,
    Jasey @ Phoenix Labs
    Web Developer / Technical Specialist
    www.pxlabs.net.au
    www.jasey.com.au/blog/

  20. #20
    Join Date
    Apr 2004
    Location
    Germany
    Posts
    37
    Right. I'm also not saying it's not possible with CPanel, I just don't know. I'm sure someone else will.

Similar Threads

  1. Replies: 9
    Last Post: 04-28-2008, 11:30 PM
  2. [cPanel] subdomain.domain.com not working | www.subdomain.domain.com - working ok
    By KamilPRO in forum Hosting Security and Technology
    Replies: 4
    Last Post: 07-24-2007, 09:08 AM
  3. Why php.ini not working and htaccess is working for php globals?
    By 19leo19 in forum Hosting Security and Technology
    Replies: 4
    Last Post: 01-08-2006, 08:46 AM
  4. Replies: 4
    Last Post: 09-10-2005, 04:23 PM
  5. FormMail CGI's stoped working - POST not working?!?
    By jucebro in forum Dedicated Server
    Replies: 14
    Last Post: 12-04-2001, 09:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •