Recently I upgraded a Debian server from Debian 8 (jessie) to Debian 9 (stretch), which also caused Apache to be upgraded from version 2.4.10 to 2.4.25. After the upgrade, when trying to connect to the web site using HTTPS, Firefox showed an error message with the code "SSL_ERROR_RX_RECORD_TOO_LONG". This error message is quite confusing; I thought that there would be something wrong with the certificate or the code that handles TLS. After searching a little bit on the Web, I figured out that Apache was actually serving HTTP on port 443, which doesn't work of course. The page that helped me was
https://community.letsencrypt.org/t/ssl-error-rx-record-too-long-on-debian-9-apache-2/123371
The command apachectl revealed that Apache was only aware of the virtual host configuration to serve on HTTP:
apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 x.y.z (/etc/apache2/sites-enabled/000-default.conf:3)
It's interesting that Apache can't detect this misconfiguration somehow. Who wants to run an HTTP server on port 443 anyway?
Once I was aware of the problem, I tried to find out why it didn't read the virtual host configuration using TLS. The filename was /etc/apache2/sites-enabled/001-default-ssl and it worked fine with Apache 2.4.10 on Debian 8. So I took a look at /etc/apache2/apache2.conf and made a diff with the old configuration file. Then I saw this:
< IncludeOptional sites-enabled/*.conf
---
> Include sites-enabled/
While the old configuration told Apache2 to just read any file in sites-enabled/, the new configuration only processes files with ".conf" at the file name's end (which is clever IMHO). So what I had to do was to remove all the wrong links in sites-enabled, rename the configuration files in sites-available and add them again using "a2ensite". Finally, my web site was working again using HTTPS.
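An added example (not from the original post): two POSIX shell functions that check a sites-enabled directory for the failure described above, namely site files that the "*.conf" wildcard skips and the resulting absence of any loaded TLS virtual host. The function names are made up for this example, and the TLS check assumes the SSLEngine directive is set in a site file inside that directory.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# find_ignored_sites DIR
# Print every entry in DIR whose name does not end in ".conf", i.e. every
# site that "IncludeOptional sites-enabled/*.conf" silently skips.
# Exit status: 0 = nothing skipped, 1 = something skipped, 2 = bad DIR.
find_ignored_sites() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=0
    for entry in "$dir"/*; do
        # An unmatched glob stays literal; -L keeps dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case $name in
            *.conf) ;;                      # picked up by the wildcard
            *) printf '%s\n' "$name"; found=1 ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# tls_vhost_loaded DIR
# Succeed if at least one file the wildcard does load turns TLS on.
# Assumption: "SSLEngine on" is set in a site file inside DIR.
tls_vhost_loaded() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue             # follows symlinks; skips dangling ones
        grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$f" && return 0
    done
    return 1
}
```

On the server from the post the call would be find_ignored_sites /etc/apache2/sites-enabled, run before and after the upgrade. apachectl -t -D DUMP_VHOSTS remains the authoritative view of what Apache actually loaded.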