All letsencrypt websites are now getting browser error: SSL_ERROR_RX_RECORD_TOO_LONG

Discussion in 'ISPConfig 3 Priority Support' started by webguyz, Feb 4, 2019.

  1. webguyz

    webguyz Active Member HowtoForge Supporter

    Was doing a Debianm 8-9 upgrade then started getting these SSL errors after reboot. I restored my last backup and its still doing it. I started removing the SSL certs from the ISPconfig website gui but still having problem. Kind of freaking out as there were a lot of letsencrypt websites on this server and finding it hard to believe am restore did not fix the problem.
    Any one see this before? Where to begin? Before I started the upgrade all these websites were working fine.

  2. webguyz

    webguyz Active Member HowtoForge Supporter

    Even though I am removing the letsencrypt from ISPconfig Gui Im am still getting an error about
    I verified that the vhosts do not SSL section enabled so how come I'm still seeing this err
  3. webguyz

    webguyz Active Member HowtoForge Supporter

    Is it possible to totally remove all the letsencrypt websites on that server and remove letsencrypt service and re-install it?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You see this error because your browser still tries to connect with https instead of http to that website. Either you have a http to https redirect in the website, in the cms or your browser cached the redirect.

    That's probably not needed. Instead of removing something, take a look at the let#s encrypt.log file to find out why LE fails and then fix that.

    And ISPConfig debug mode will be helpful as well to find out why SSL could not be enabled on the websites.
  5. webguyz

    webguyz Active Member HowtoForge Supporter


    You were right. Most of the sites are WordPress and I had changed DB wp_options table to go to https:// for all the websites. Once I changed that back for all the sites and removed letsencrypt from the website settings of all web sites they worked normally. But something must have happened to the certificat info. I used the cli: certbot delete --cert-name xxx and deleted the certificate of each of the entries in /etc/letsencrypt one at a time and then I re-checked the LE settings in Website settings. All but a 3 websites are fixed now. The other 3 look correct as far as vhost settings and the SSL files are in the /SSL folder but when I go to the website with https:// I never see any indication on the url bar that it has a cert, no error, no partial padlock, just saying the site is not secure the same as if it did not even have a certificate installed.

    Will give debug mode a try.

    Biggest problem when something like this happens to a production site is the panic that sets in, especially after I had just restored from a recent VM backup. Not sure sure what triggered it so definitely have some forensics to do.

  6. webguyz

    webguyz Active Member HowtoForge Supporter

    Mystery Solved. It was my fault. I put up 2 fw rules (one for port 80 and one for port 443) to redirect all visitors to websites on that server to an Under Maintenance page. When finished I remove those fw rules. In this case I removed port 80 but did not remove the port 443 redirect for some reason, probably got distracted.

    Any way that explains why I thought the upgrade failed and after I restored the last backup I was getting the same error, unable to access SSL. There was never anything wrong with LetsEncrypt and probably even the 8 to 9 upgrade.

    Now all my websites are working correctly and no more SSL errors. All that work and worry for nothing :-(
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Good to know that you were able to solve the issue and thank you for posting the solution of your problem!

Share This Page