2

I tried to install letsencrypt on my apache2 server (running on Ubuntu 16.04). It seems to work fine but for some reason i got the following error on my website:

ERR_SSL_PROTOCOL_ERROR

i cant figure out what's wrong and i hope you'll be able to help me.

Here is my vhost:

<VirtualHost *:80>
   ServerName debout-les-idees.fr
   ServerAlias www.debout-les-idees.fr

   RewriteEngine on
   RewriteCond %{HTTPS} !on
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>
<IfModule mod_ssl>
    <VirtualHost *:443>

            ServerName debout-les-idees.fr
            ServerAlias www.debout-les-idees.fr
            DocumentRoot /var/www/DLI.fr/public

            <Directory /var/www/DLI.fr/public>
                    Options -Indexes
                    AllowOverride all
                    Order allow,deny
                    allow from all
            </Directory>

            SSLEngine on
            SSLCertificateFile /etc/letsencrypt/live/debout-les-idees.fr/cert.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/debout-les-idees.fr/privkey.pem
            SSLCertificateChainFile /etc/letsencrypt/live/debout-les-idees.fr/chain.pem
            SSLProtocol all -SSLv2 -SSLv3
            SSLHonorCipherOrder on
            SSLCompression off
            SSLOptions +StrictRequire
            SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
            Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

            LogLevel warn
            ErrorLog ${APACHE_LOG_DIR}/www.debout-les-idees.fr-error.log
            CustomLog ${APACHE_LOG_DIR}/www.debout-les-idees.fr-access.log combined

    </VirtualHost>
</IfModule>

And here is my error.log:

Tue Dec 11 06:25:03.530356 2018] [mpm_prefork:notice] [pid 26402] 
AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming 
normal operations
[Tue Dec 11 06:25:03.530397 2018] [core:notice] [pid 26402] AH00094: 
Command line: '/usr/sbin/apache2'

And if it can help you here is my ports.conf file:

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Thanks a lot guys, i believe in you ^^

Zer0NimO
  • 21
  • 1
  • 2

0 Answers0