    Solved SSL / TLS error on sub.sub.domain.com

    Support
    certificates letsencrypt cloudflare
      XevoTech last edited by girish

      Hello,
      I've encountered a problem with one of my apps. Apparently, the SSL / TLS certificate has an error.

      How do I fix this issue?

      Unsupported protocol
      The client and server don't support a common SSL protocol version or cipher suite.
      

      Best regards,
      Jimmi Hansen
      XevoTech

        girish Staff last edited by

        @XevoTech The issue could be either that the cert is expired (server issue) or that your client does not support the cipher suite that the cert requires (client issue).

        Does the site itself work on the desktop browser? Have you tried another browser? Can you also try clearing the browser cache for the domain and try? The latter is because we did indeed change the cipher suites in the recent Cloudron version to be more secure. Maybe the browser is hanging on to an old cert because of cert pinning. This will rule out server issue.

        To renew the cert, you can also go to Domain -> Renew Certs. Can you see any error in the logs?

          XevoTech @girish last edited by

          @girish

          I've tried to use two different browsers as well as their incognito version, and it still doesn't work. And I've cleared my browser data. I do see one error, but it has to do with another domain? Could that be the reason?

          Also, thanks for the fast response.

            girish Staff last edited by girish

            @XevoTech Can you see if Domains -> Renew all certs gives any error (you have to check the logs after you click that button to see if it's failing or not)?

              XevoTech last edited by

              I think it is erroring, this is what I get from the logs

              2020-05-13T16:23:25.073Z box:tasks 3475: {"percent":105,"message":"Renewing certs of wiki.staff.xevotech.com"}
              2020-05-13T16:23:25.091Z box:reverseproxy ensureCertificate: wiki.staff.xevotech.com certificate already exists at /home/yellowtent/boxdata/certs/_.staff.xevotech.com.key
              2020-05-13T16:23:25.100Z box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert Certificate will not expire 0
              2020-05-13T16:23:25.110Z box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert subject=CN = *.staff.xevotech.com domain=*.staff.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
              2020-05-13T16:23:25.110Z box:tasks 3475: {"percent":109,"message":"Renewing certs of pass.xevotech.com"}
              2020-05-13T16:23:25.125Z box:reverseproxy ensureCertificate: pass.xevotech.com certificate already exists at /home/yellowtent/boxdata/certs/_.xevotech.com.key
              2020-05-13T16:23:25.140Z box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert Certificate will not expire 0
              2020-05-13T16:23:25.154Z box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert subject=CN = *.xevotech.com domain=*.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
              2020-05-13T16:23:25.154Z box:reverseproxy renewCerts: Renewed certs of []
              2020-05-13T16:23:25.154Z box:tasks setCompleted - 3475: {"result":null,"error":null}
              2020-05-13T16:23:25.155Z box:tasks 3475: {"percent":100,"result":null,"error":null}
              
                girish Staff last edited by

                @XevoTech It seems the certs are OK. Can you do systemctl restart nginx on the server? I suspect the certs are valid but nginx has not read the latest certs (for some reason).
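The reading of the renewal log above can be reproduced mechanically. The following is an added example, not part of the thread and not Cloudron's own code: it parses the `box:reverseproxy` lines quoted in the thread (timestamps trimmed) and checks that each app domain is covered by its wildcard subject, using the rule that `*` matches exactly one DNS label, which is why `wiki.staff.xevotech.com` has its own `*.staff.xevotech.com` certificate. The function names and the treatment of any wording other than "will not expire" are assumptions.

```python
import re

# Lines taken from the renewal log posted in the thread (timestamps trimmed).
LOG = """\
box:tasks 3475: {"percent":105,"message":"Renewing certs of wiki.staff.xevotech.com"}
box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert Certificate will not expire 0
box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.staff.xevotech.com.cert subject=CN = *.staff.xevotech.com domain=*.staff.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
box:tasks 3475: {"percent":109,"message":"Renewing certs of pass.xevotech.com"}
box:reverseproxy isExpiringSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert Certificate will not expire 0
box:reverseproxy providerMatchesSync: /home/yellowtent/boxdata/certs/_.xevotech.com.cert subject=CN = *.xevotech.com domain=*.xevotech.com issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 wildcard=true/true prod=true/true match=true
box:reverseproxy renewCerts: Renewed certs of []
"""


def wildcard_covers(pattern, host):
    """A leading '*' stands for exactly one DNS label (RFC 6125 matching)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])


def summarize(log):
    """Map each domain in a 'Renew all certs' log to its certificate status."""
    report, cur = {}, None
    for line in log.splitlines():
        m = re.search(r'Renewing certs of ([^"\s]+)', line)
        if m:
            cur = report.setdefault(m.group(1), {})
        elif cur is None:
            continue
        elif "isExpiringSync:" in line:
            # Only the "will not expire" wording appears in the thread; any
            # other wording is treated as expiring (assumption).
            cur["expiring"] = "will not expire" not in line
        elif "providerMatchesSync:" in line:
            s = re.search(r"subject=CN = (\S+)", line)
            cur["subject"] = s.group(1) if s else ""
            cur["provider_match"] = line.rstrip().endswith("match=true")
    for host, st in report.items():
        st["covers_host"] = wildcard_covers(st.get("subject", ""), host)
        st["ok"] = (st.get("expiring") is False
                    and st.get("provider_match") is True and st["covers_host"])
    return report


if __name__ == "__main__":
    for host, st in summarize(LOG).items():
        print(host, st.get("subject"), "OK" if st["ok"] else "CHECK")
```

Both domains come out as OK on the origin side, which matches the conclusion that the certificates on the server are fine.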

                  girish Staff last edited by

                  @XevoTech Oh, I just checked the domains and it seems that your sites are fronted by Cloudflare? So, it is some issue with Cloudflare certs and not Cloudron. Can you disable http proxying in Cloudflare and see if it works? If so, then, you have to contact Cloudflare support.

                    XevoTech @girish last edited by

                    @girish I will do both, and then come back to you and say what helped and what didn't.

                      XevoTech last edited by XevoTech

                      So, it seems like giving the app a "relocation" by pressing the save button under the Location config tab & a quick Cloudflare proxy off-on, and then some time is the fix.

                      EDIT
                      So it is Cloudflare that is the problem and not Cloudron. Specifically their proxy.
