• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question ERR_SSL_PROTOCOL_ERROR only witch Chrome

pablofrp

Basic Pleskian
Server operating system version
Unbuntu 12
Plesk version and microupdate number
12.5.30 Update no. 79, last updated at 11 Jul 2023
Hello

On one of our servers no suite works only with Chrome, which is very annoying.

We tested SSL certificates with sslshopper and ssllabs

Everything is OK.

It's an Unbuntu 12 (I know it's old but no choice)

And Pesk's version is:
Plesk 12.5.30
Laste update : n 79

Do you have any ideas or ideas?

Tanks you

Pablo
 
Hi Pablo, no solution but we have the same problem (same version too)
OS ‪Ubuntu 12.04.5 LTS‬
Version de Plesk 12.5.30 Mise à jour n° 79
I'm just a developer, I made many test :
- DNS with our registrar (network solution) or other => error
- test our code solution or WP or PrestaShop => error
- test without SSL => Work
- test with "default certificat" => we has got page to prevent we will enter in an unsecured website, if we accept risk, ERROR
If the website has a valid certificate, we have got the error immediately
- Any version of PHP used (5.3 (olds projects) or +) => error
- Same DNS but sub-domains on other server => Error on plesk, work on other
- And this topic show me that the problem was with old plesk (v12)

So, after many tests, this error is between Plesk and Chrome when they try to communicate with SSL

Chrome make auto update, used by a majority of people, we have more 150 website down.
I hope we will find a solution.
 
You should both check your CA certs/root certificats on your operating systems. They are probably outdated. For that reason some modern browsers won't work with the SSL configuration of the servers any longer. This is something Plesk cannot fix for you, because it is an operating system issue. I'd also suggest to update to a new operating system and the latest Plesk. You'll for sure solve the SSL issue by doing that and will also get a wealth of improved and added features, plus you won't suffer all the security issues that are known for your outdated operating systems.
 
Hi @pablofrp and @Gsdf

Did you solve this problem ?

I'm now having the same issue with ERR_SSL_PROTOCOL_ERROR messasge, on Chrome.

Server specs:
  • CentOS 6.4 (Final)‬
  • Plesk Onyx Version 17.8.11 Update #94, last updated on July 11, 2023
 
You should both check your CA certs/root certificats on your operating systems.
Hi @Peter Debik
How is that done?


I'd also suggest to update to a new operating system and the latest Plesk. You'll for sure solve the SSL issue by doing that and will also get a wealth of improved and added features, plus you won't suffer all the security issues that are known for your outdated operating systems.
This is something that I'll have to consider and work on, in the future. It has been on my plans for a while, but I never seem to give it the priority it deserves. There's always a plethora of other things that need attention.

Right now, what is important is to be able to find the specific issue and solve it. Can you provide some guidance?
 
Right now, what is important is to be able to find the specific issue and solve it. Can you provide some guidance?
Unfortunately not. I am not familiar with that version of Ubuntu and I have a hard time remembering Plesk 12.x, too. It's just been too long ago.
 
Hi @Peter Debik
How is that done?



This is something that I'll have to consider and work on, in the future. It has been on my plans for a while, but I never seem to give it the priority it deserves. There's always a plethora of other things that need attention.

Right now, what is important is to be able to find the specific issue and solve it. Can you provide some guidance?
On my side, the person who takes care of our hosting seems to be testing Ubuntu versions. Otherwise, the certificate is too old.
I don't have all the info yet. I'm not sure where things stand, our sites are working again for the moment, but that's not my area of expertise.
The OS update seems important, but I'm not sure.
 
From what I understand, Chrome will look for a root certificate at a higher level than usual, so old systems like ours are considered invalid, which invalidates all certificates below them.
I've seen the same problem on older macOS. At the time when we could see the details of the certificates on Chrome, where I had 3, on the Mac it showed 4. The extra certificate was at a higher level than the others, and as it had expired, all the others, although valid, were considered invalid.
The problem here seems similar.
 
The OS update seems important, but I'm not sure.

From what I've read on Chromium bugs, the culprit seems to be an old version of OpenSSL. But I haven't seen specific instructions on how to update it on CentOS 6.4. I'll research further.

If you find something please share.
 
Centos 6.x, that was even before I started into hosting servers. That is so very ancient that I am not sure if it makes any sense at all to continue using it. We're now on RHEL 8 at least with many users already using RHEL 9, such as Alma Linux 9. Would it not be the best solution to spin up a new server, put a fresh Plesk on it and then migrate the installation using Plesk Migrator? Migration from 17.8 to 18.0.55 is possible.
 
Centos 6.x, that was even before I started into hosting servers. That is so very ancient that I am not sure if it makes any sense at all to continue using it. We're now on RHEL 8 at least with many users already using RHEL 9, such as Alma Linux 9. Would it not be the best solution to spin up a new server, put a fresh Plesk on it and then migrate the installation using Plesk Migrator? Migration from 17.8 to 18.0.55 is possible.
Definitely better!
But feasible right now? In my specific case, no (for a few reasons).
 
Yes, we have found a solution.

Thanks to Peter Debik, thank you.

They put us on the right track and forced us to renew the root certificates and reinstall the Let's Encrypt certificates.

Unfortunately, I wouldn't be able to say what action exactly corrected the problem.

Here are some voices we followed:

www.jdeen.com/blog/ubuntu-12-04-client-letsencrypt-dst_root_ca_x3-expiry-openssl-fix

so yes it is possible

Good luck


(and fort update openssl but I think its not necesay : How to install OpenSSL 1.1.1 and libSSL package?)
 
Back
Top