View Single Post
  #5  
Old 11th April 2009, 00:52
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 116
Thanks: 6
Thanked 6 Times in 4 Posts
Default SSL handshake errors in error_log

I was just doing some ISPConfig modifications with my cousin earlier and happened to look at the error_log for ispconfig and noticed some SSL errors.

Like for example one was from googlebot [client 66.249.73.52] is googlebot btw..

[Sat Apr 4 05:40:28 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Mon Apr 6 03:00:07 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)

Then later I keep getting handshake errors like:

[Mon Apr 6 16:15:42 2009] [error] mod_ssl: SSL handshake failed (server www.kextra1domain.org:81, client 192.168.1.1) (OpenSSL library error follows) [Mon Apr 6 16:15:42 2009] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?] [Mon Apr 6 16:19:57 2009] [notice] caught SIGTERM, shutting down [Mon Apr 6 16:21:29 2009] [notice] Apache configured -- resuming normal operations [Mon Apr 6 16:21:29 2009] [notice] Accept mutex: sysvsem (Default: sysvsem) [Mon Apr 6 18:00:55 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) [Mon Apr 6 18:00:55 2009] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?] [Mon Apr 6 20:21:16 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Mon Apr 6 23:12:47 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Wed Apr 8 19:50:09 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) [Wed Apr 8 19:50:09 2009] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS

I only have one IP address so I made sure SSL was disabled or not checked in any of the ISPConfig webs.

The only SSL Cert I want to be valid is the port 81 stuff like the admin panel.

Also, i have a router in front of the machine which is 192.168.1.1 ....maybe i have to confrigure the router because it shows that address as the client?

And where it says CN does not match CA, I'm guessing that means when i installed ispconfig server1.domain.com doesnt match the cert www.domain.com right? Can I adjust those settings without hurting ISPConfig?


Thanks guys,

kextra1

Last edited by kextra1; 11th April 2009 at 01:07. Reason: router info & CN Question
Reply With Quote