• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question ERR_SSL_PROTOCOL_ERROR only witch Chrome

P

pablofrp

Basic Pleskian
Server operating system version
Unbuntu 12
Plesk version and microupdate number
12.5.30 Update no. 79, last updated at 11 Jul 2023
Hello

On one of our servers no suite works only with Chrome, which is very annoying.

We tested SSL certificates with sslshopper and ssllabs

Everything is OK.

It's an Unbuntu 12 (I know it's old but no choice)

And Pesk's version is:
Plesk 12.5.30
Laste update : n 79

Do you have any ideas or ideas?

Tanks you

Pablo
 
Hi Pablo, no solution but we have the same problem (same version too)
OS ‪Ubuntu 12.04.5 LTS‬
Version de Plesk 12.5.30 Mise à jour n° 79
I'm just a developer, I made many test :
- DNS with our registrar (network solution) or other => error
- test our code solution or WP or PrestaShop => error
- test without SSL => Work
- test with "default certificat" => we has got page to prevent we will enter in an unsecured website, if we accept risk, ERROR
If the website has a valid certificate, we have got the error immediately
- Any version of PHP used (5.3 (olds projects) or +) => error
- Same DNS but sub-domains on other server => Error on plesk, work on other
- And this topic show me that the problem was with old plesk (v12)

So, after many tests, this error is between Plesk and Chrome when they try to communicate with SSL

Chrome make auto update, used by a majority of people, we have more 150 website down.
I hope we will find a solution.
 
You should both check your CA certs/root certificats on your operating systems. They are probably outdated. For that reason some modern browsers won't work with the SSL configuration of the servers any longer. This is something Plesk cannot fix for you, because it is an operating system issue. I'd also suggest to update to a new operating system and the latest Plesk. You'll for sure solve the SSL issue by doing that and will also get a wealth of improved and added features, plus you won't suffer all the security issues that are known for your outdated operating systems.
 
Hi @pablofrp and @Gsdf

Did you solve this problem ?

I'm now having the same issue with ERR_SSL_PROTOCOL_ERROR messasge, on Chrome.

Server specs:
  • CentOS 6.4 (Final)‬
  • Plesk Onyx Version 17.8.11 Update #94, last updated on July 11, 2023
 
Peter Debik said:
You should both check your CA certs/root certificats on your operating systems.
Click to expand...
Hi @Peter Debik
How is that done?


Peter Debik said:
I'd also suggest to update to a new operating system and the latest Plesk. You'll for sure solve the SSL issue by doing that and will also get a wealth of improved and added features, plus you won't suffer all the security issues that are known for your outdated operating systems.
Click to expand...
This is something that I'll have to consider and work on, in the future. It has been on my plans for a while, but I never seem to give it the priority it deserves. There's always a plethora of other things that need attention.

Right now, what is important is to be able to find the specific issue and solve it. Can you provide some guidance?
 
IAR said:
Right now, what is important is to be able to find the specific issue and solve it. Can you provide some guidance?
Click to expand...
Unfortunately not. I am not familiar with that version of Ubuntu and I have a hard time remembering Plesk 12.x, too. It's just been too long ago.
 
IAR said:
Hi @Peter Debik
How is that done?



This is something that I'll have to consider and work on, in the future. It has been on my plans for a while, but I never seem to give it the priority it deserves. There's always a plethora of other things that need attention.

Right now, what is important is to be able to find the specific issue and solve it. Can you provide some guidance?
Click to expand...
On my side, the person who takes care of our hosting seems to be testing Ubuntu versions. Otherwise, the certificate is too old.
I don't have all the info yet. I'm not sure where things stand, our sites are working again for the moment, but that's not my area of expertise.
The OS update seems important, but I'm not sure.
 
From what I understand, Chrome will look for a root certificate at a higher level than usual, so old systems like ours are considered invalid, which invalidates all certificates below them.
I've seen the same problem on older macOS. At the time when we could see the details of the certificates on Chrome, where I had 3, on the Mac it showed 4. The extra certificate was at a higher level than the others, and as it had expired, all the others, although valid, were considered invalid.
The problem here seems similar.
 
Gsdf said:
The OS update seems important, but I'm not sure.
Click to expand...

From what I've read on Chromium bugs, the culprit seems to be an old version of OpenSSL. But I haven't seen specific instructions on how to update it on CentOS 6.4. I'll research further.

If you find something please share.
 
Centos 6.x, that was even before I started into hosting servers. That is so very ancient that I am not sure if it makes any sense at all to continue using it. We're now on RHEL 8 at least with many users already using RHEL 9, such as Alma Linux 9. Would it not be the best solution to spin up a new server, put a fresh Plesk on it and then migrate the installation using Plesk Migrator? Migration from 17.8 to 18.0.55 is possible.
 
Peter Debik said:
Centos 6.x, that was even before I started into hosting servers. That is so very ancient that I am not sure if it makes any sense at all to continue using it. We're now on RHEL 8 at least with many users already using RHEL 9, such as Alma Linux 9. Would it not be the best solution to spin up a new server, put a fresh Plesk on it and then migrate the installation using Plesk Migrator? Migration from 17.8 to 18.0.55 is possible.
Click to expand...
Definitely better!
But feasible right now? In my specific case, no (for a few reasons).
 
Yes, we have found a solution.

Thanks to Peter Debik, thank you.

They put us on the right track and forced us to renew the root certificates and reinstall the Let's Encrypt certificates.

Unfortunately, I wouldn't be able to say what action exactly corrected the problem.

Here are some voices we followed:

www.jdeen.com/blog/ubuntu-12-04-client-letsencrypt-dst_root_ca_x3-expiry-openssl-fix

Chain of Trust - Let's Encrypt

Root Certificates Our roots are kept safely offline. We issue end-entity certificates to subscribers from the intermediates in the next section. For additional compatibility as we submit our new Root X2 to various root programs, we have also cross-signed it from Root X1. Active ISRG Root X1...
letsencrypt.org

so yes it is possible

Good luck


(and fort update openssl but I think its not necesay : How to install OpenSSL 1.1.1 and libSSL package?)
 
You must log in or register to reply here.

Similar threads

Dukemaster
Resolved HSTS doesn't work anymore
2
Replies
33
Views
8K
virtubox
virtubox
Dukemaster
Input PLESK reaches the stars with only Nginx + HSTS (390%)
Replies
1
Views
2K
mr-wolf
M
J
How to start your online store with WooCommerce
Replies
0
Views
3K
joerg
J
AbramS
[PPP-13673] New SSL Certificate produces nginx/apache configuration errors
2
Replies
28
Views
13K
Ilya
I
S
Centos 6 x64 & Plesk 10.4 & Fcgi & Session Problem
Replies
0
Views
2K
slayer1ss
S
Back
Top