Connection to a domain refused in https

[astclub]

I installed a new domain in Plesk (dedicated IP), and self-generated a certificate in Plesk too. Then I linked this certificate to the domain/IP.

Trying to connect to https://domain.com or https://www.domain.com, I get a message from my browser: Conection was refused by the server.

The domain is setup with SSL allowed, there is a index.html page in the httpsdocs folder, etc etc. All seems OK, but it doesn't work! (the http requests are ok).

Any idea?

Thanks!

 

[astclub]

I just add that there is no firewall that can block requests, etc...

 

[astclub]

Any idea, nobody? Hired a "specialized management service", they didn't find anything!

 

[jamesyeeoc]

1. What browser(s) have you tried? Try more than one, and clear the cache first.

2. You say this is a new domain, have you verified that DNS has propagated. (dnsreport.com)

3. Have you tried browsing to http://ipaddress (or https://ipaddress)?

4. Have you checked the access_log or error_log of the domain (/home/httpd/vhosts/domain.tld/statistics/logs)

5. Try increasing your MaxClients value in /etc/httpd/conf/httpd.conf (and restart apache service)

That's all I can think of off the top of my head.

 

[astclub]

Here is what I can see in the server log files (There is NOTHING in the vhost log files!), when trying https://www.mydomain

(or with https://www.ip_of_domain, or without the www.)

What is this ?!!

error_log:

[Sat Sep 03 14:48:53 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!!
[Sat Sep 03 15:23:02 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!!
[Sat Sep 03 15:24:05 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!
[Sat Sep 03 15:24:40 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!
[Sat Sep 03 15:25:56 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!
[Sat Sep 03 15:26:16 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!
[Sat Sep 03 15:27:38 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!
[Sat Sep 03 15:30:55 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!
[Sat Sep 03 15:31:01 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!
[Sat Sep 03 15:31:42 2005] [error] [client _My_IP_Address_] Invalid method in request !g!!!

and the access_log:

_My_IP_Address_ - - [03/Sep/2005:14:48:53 -0400] "\x80g\x01\x03\x01" 501 217 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:23:02 -0400] "\x80g\x01\x03\x01" 501 217 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:24:05 -0400] "\x80g\x01\x03" 501 216 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:24:40 -0400] "\x80g\x01\x03" 501 216 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:25:56 -0400] "\x80g\x01\x03" 501 216 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:26:16 -0400] "\x80g\x01\x03" 501 216 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:27:38 -0400] "\x80g\x01\x03" 501 216 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:30:55 -0400] "\x80g\x01\x03" 501 216 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:31:01 -0400] "\x80g\x01\x03" 501 216 "-" "-"
_My_IP_Address_ - - [03/Sep/2005:15:31:42 -0400] "\x80g\x01\x03\x01" 501 217 "-" "-"

 

[jamesyeeoc]

\x80g\x01\x03

Other people have had this problem when there was:

1. Something mis-configured in their httpd.conf or httpd.include files regarding the SSL port 443 configuration.

2. SSL engine was not running

3. Certificate or key mis-configured

 

[astclub]

The fact is that

- We deleted/re-installed the domain in Plesk, so it should have fixed any config file bug,

- the SSL engine seems running as we can connect in https on 8443 (for Plesk)

- the certificate: the error is the same when we assign the default Plesk cert to the IP address of the domain. And this cert is OK as it works well when connecting to Plesk!

 

[jamesyeeoc]

Originally posted by astclub
The fact is that

- We deleted/re-installed the domain in Plesk, so it should have fixed any config file bug,

So you didn't manually look at the config files. Personally I don't like 'assuming' anything, especially with Plesk or any control panel software. Ideally deleting/recreating the domain in the control panel *should* resolve things, but the fact is that Plesk is not perfect, and there are times when it does not function as it should. There are many posts where problems were caused due to Plesk not making proper changes to the database or config files as it should have.

- the SSL engine seems running as we can connect in https on 8443 (for Plesk)

and you are having the problem when connecting to port 443, which is why if it were me, I would be scrutinizing the conf files and the entries related to the 443/ssl connections, and taking the time to verify that the certificates referenced in httpd.include and the files on the drive match and are valid and the contents of the cert files are ok. But that's just me...

- the certificate: the error is the same when we assign the default Plesk cert to the IP address of the domain. And this cert is OK as it works well when connecting to Plesk!

Ok, so the cert is fine, and we're back to checking the conf files (and the mysql tables for that matter) regarding the domain(s) which are having a problem. The Plesk GUI is fine when all is well, but it is definitely not a replacement for SSH root access to shell.

Note: I have only made reference to httpd conf files, but any conf files related to apache or ssl where there may be domain specific settings should be checked, as well as the mysql tables related to the domain(s), if for no other reason than to rule them out as sources of the problem.

 

[druedger]

I'll start off by saying I know nothing about Plesk, but I did have a similar problem configuring tomcat. Since Plesk is using port 8443, I'm wondering if you don't have an issue I ran into trying to configure Apache with a tomcat connector. If Plesk is a derivative of jakarta and is designed to run JSP and java servlets, then this may apply to you. If not, maybe my problem will help someone else or at least prevent them from spinning too many cycles trying to resolve it.

My issue happened when I configured Apache 2.0.55 with mod_ssl 0.9.7a and added a Tomcat connector using jk2_mod with jdk version 1.5.0_06 and tomcat version 5.5.16. This is running on RedHat 9.1.

I was able to successfully access the Tomcat pages after both servers were installed, and I was also able to get content from the Apache server using the normal http channel. But whenever I used the following URL:

https://localhost

I got the error stating the connection was interrupted. I looked in the server logs and saw the following error:

[Wed Mar 29 12:52:22 2006] [error] [client 127.0.0.1] Invalid method in request \x80g\x01\x03\x01

After spending a day going over the tomcat config files and ensuring that mod_ssl was set up, I concluded that this was an issue with the tomcat connector. When I edited the httpd.conf to remove the jk2_mod module from loading so that the tomcat connector was inactive, the request to https://localhost worked fine. As soon as I add the connector back in, the problem occurs.

Now here's where it gets strange. If I specify the IP address of the server directly instead of using localhost, it works! For some reason the request to localhost wants to hit the tomcat server even though I have not requested any content from it. I think this may be an issue with the tomcat connector for 5.5.16. The documentation clearly states that SSL is not required on the tomcat server if apache is serving the SSL requests, yet it appears that the request coming from the connector on port 8009 is being redirected to 8443. Since I did not have SSL support installed on the tomcat server, this would explain why the connection was interrupted.

I tried for another half day trying to get the SSL connection on 8443 configured in the tomcat server, but I could never get it to listen on that port. I followed the docs to the letter, and still it wouldn't work. A call to nmap showed that 8080 and 8009 were active, but I never got 8443 to happen. I suspect if it was listening, then my problem would go away since the redirect would be active and would be able to service the secure request.

I'm not sure if this helps, but it may give you some ideas about the handshake process to see if there is something in the Plesk configuration that needs to be updated. It definitely seems that a secure request is being initiated, but the listener is expecting normal HTTP.