0

Heya all,

I have a VPS with centOs 7 on it, that has a bit of an issue.
Whenever i try to access my VPS from a browser using httpS://, it gives me the following error:

Secure Connection Failed

An error occurred during a connection to 37.59.111.21:8000. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

the content of /etc/httpd/logs/ssl_error_log is as follows:

[Fri Nov 21 10:42:47.411502 2014] [ssl:warn] [pid 284] AH01909: RSA certificate configured for 37.59.111.21:443 does NOT include an ID which matches the server name

From what i could gather, this means my SSL keys got invalidated because the server name is wrong however it did work before.

The only things i did between this error and the last time it did work are:
- installing adjenti (that does work on http)
- changing the DNS to openDNS (as the last one didnt work anymore)
- rebooting the system.

My best guess is that changing the DNS address caused this, but i don't know enough about SSL to know what do now.

2
Contributors
3
Replies
33
Views
3 Years
Discussion Span
Last Post by CimmerianX
0

In the SSL cert, what do you have as subject or SAN for the hostname? Do you have this same hostname in the .conf file?

Is port 8000 listening for http or https traffic. You can usually recreate this error if you try to https over port 80 to a server.

On your server, what ssl sites do you have enabled?

0

i don't know exactly what the hostname is, but when i try to connect through https without adding a port, firefox tells me (in an untrusted certificate issue) that it is vps105268.ovh.net, which is kinda weird since my VPS host gave me the number 114574.

When i Nmap the server, it says '8000/tcp open http-alt', while https is at '443/tcp open https'

I'll check the opened SSL sites for apache tomorrow, been enough work for a saturday already :)

0

I went to curl and pull the cert from that host, but I am getting a no host found error on that FQDN.

If you want, msg me the ip address or fqdn and I'll run a few tests to it. At least I can help you ID the cert and ports it's useing.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.