Cloudron Forum


SSL / TLS error on sub.sub.domain.com

      XevoTech
      wrote on last edited by girish
      #1

      Hello,
      I've encountered a problem with one of my apps. Apparently, the SSL / TLS certificate has an error.

      How do I fix this issue?

      Unsupported protocol
      The client and server don't support a common SSL protocol version or cipher suite.
      

      Best regards,
      Jimmi Hansen
      XevoTech

        girish
        Staff
        wrote on last edited by
        #2

        @XevoTech The issue could be either that the cert is expired (server issue) or that your client does not support the cipher suite that the cert requires (client issue).

        Does the site itself work on the desktop browser? Have you tried another browser? Can you also try clearing the browser cache for the domain and try again? The latter is because we did indeed change the cipher suites in the recent Cloudron version to be more secure. Maybe the browser is hanging on to an old cert because of cert pinning. This will rule out a server issue.

        To renew the cert, you can also go to Domain -> Renew Certs. Can you see any error in the logs?

          XevoTech
          wrote on last edited by
          #3

          @girish

          I've tried to use two different browsers as well as their incognito version, and it still doesn't work. And I've cleared my browser data. I do see one error, but it has to do with another domain? Could that be the reason?

          Also, thanks for the fast response.

            girish
            Staff
            wrote on last edited by girish
            #4

            @XevoTech Can you see if Domains -> Renew all certs gives any error (you have to check the logs after you click that button to see if it's failing or not)?

              XevoTech
              wrote on last edited by
              #5

              I think it is erroring, this is what I get from the logs

              2020-05-13T16:23:25.073Z box:tasks 3475: {"percent":105,"message":"Renewing certs of wiki.staff.xevotech.com"}
              2020-05-13T16:23:25.091Z box:reverseproxy ensureCertificate: wiki.staff.xevotech.com certificate already exists at /home/yellowtent/boxdata/certs/_.staff.xevotech.com.key
              2020-05-13T16:23:25.100Z box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert Certificate will not expire 0
              2020-05-13T16:23:25.110Z box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert subject=CN = *.staff.xevotech.com domain=*.staff.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
              2020-05-13T16:23:25.110Z box:tasks 3475: {"percent":109,"message":"Renewing certs of pass.xevotech.com"}
              2020-05-13T16:23:25.125Z box:reverseproxy ensureCertificate: pass.xevotech.com certificate already exists at /home/yellowtent/boxdata/certs/_.xevotech.com.key
              2020-05-13T16:23:25.140Z box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert Certificate will not expire 0
              2020-05-13T16:23:25.154Z box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert subject=CN = *.xevotech.com domain=*.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
              2020-05-13T16:23:25.154Z box:reverseproxy renewCerts: Renewed certs of []
              2020-05-13T16:23:25.154Z box:tasks setCompleted - 3475: {"result":null,"error":null}
              2020-05-13T16:23:25.155Z box:tasks 3475: {"percent":100,"result":null,"error":null}
              
                girish
                Staff
                wrote on last edited by
                #6

                @XevoTech It seems the certs are OK. Can you do systemctl restart nginx on the server? I suspect the certs are valid but nginx has not read the latest certs (for some reason).

                  girish
                  Staff
                  wrote on last edited by
                  #7

                  @XevoTech Oh, I just checked the domains and it seems that your sites are fronted by Cloudflare? So, it is some issue with Cloudflare certs and not Cloudron. Can you disable http proxying in Cloudflare and see if it works? If so, then, you have to contact Cloudflare support.

                    XevoTech
                    wrote on last edited by
                    #8

                    @girish I will do both, and then come back to you and say what helped and what didn't.

                      XevoTech
                      wrote on last edited by XevoTech
                      #9

                      So, it seems like giving the app a "relocation" by pressing the save button under the Location config tab & a quick Cloudflare proxy off-on, and then some time is the fix.

                      EDIT
                      So it is Cloudflare that is the problem and not Cloudron. Specifically their proxy.

                      1 Reply Last reply
                      2
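
An added example (not part of the thread and not Cloudron's own code) that repeats, over the log lines from post #5, the check done by eye in post #6: pair each host with the certificate subject that was logged and confirm the wildcard actually covers it, given that a wildcard matches exactly one leftmost label. The names `covers` and `audit`, and the reading of `Certificate will not expire` as "not expiring", are assumptions of this example.

```python
import re

# Log lines copied from post #5 of this thread (only the lines the check needs).
SAMPLE_LOG = """\
2020-05-13T16:23:25.073Z box:tasks 3475: {"percent":105,"message":"Renewing certs of wiki.staff.xevotech.com"}
2020-05-13T16:23:25.100Z box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert Certificate will not expire 0
2020-05-13T16:23:25.110Z box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert subject=CN = *.staff.xevotech.com domain=*.staff.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
2020-05-13T16:23:25.110Z box:tasks 3475: {"percent":109,"message":"Renewing certs of pass.xevotech.com"}
2020-05-13T16:23:25.140Z box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert Certificate will not expire 0
2020-05-13T16:23:25.154Z box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert subject=CN = *.xevotech.com domain=*.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
"""

RENEW = re.compile(r'"message":"Renewing certs of ([^"]+)"')
SUBJECT = re.compile(r"providerMatchesSync: \S+ subject=CN = (\S+) .* match=(true|false)")

def covers(pattern, host):
    """Hostname match where '*' stands for exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False  # '*.example.com' never covers 'a.b.example.com'
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit(log):
    """Return {host: (cert_subject, not_expiring, provider_match, covers_host)}."""
    results, host, fresh = {}, None, False
    for line in log.splitlines():
        if m := RENEW.search(line):
            host, fresh = m.group(1), False       # start of a new host's block
        elif "isExpiringSync" in line:
            fresh = "will not expire" in line     # assumed wording, as seen in post #5
        elif (m := SUBJECT.search(line)) and host:
            cn = m.group(1)
            results[host] = (cn, fresh, m.group(2) == "true", covers(cn, host))
    return results

if __name__ == "__main__":
    for host, row in audit(SAMPLE_LOG).items():
        print(host, row)
```

When every host comes back covered, matching and not expiring, the certificates on the server are not the cause, and the next thing to test is whatever terminates TLS in front of it, which in this thread was the Cloudflare proxy.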