I suspect the problem is in our firewall:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-ERR-SSL-PROTOCOL-ERROR-when-using-Flow-based-Deep/ta-p/357555
On Mon, Nov 25, 2024 at 2:44 PM frank picabia wrote:
> I've been struggling with this issue on a couple of our Apache
I've been struggling with this issue on a couple of our Apache servers, but
not all.
In the last week or two, Chrome has updated their browser and that is when
some users
started to experience SSLProtocol error in the browser. Nothing is logged
on the server with normal warn level of logging set.
equest, such as https://IP1/ or
> https://IP2/. However, it is rarely needed by most servers.
>
> For now, you can use *:443, and run apachectl -S to make sure there is no
> overlap before restarting httpd.
>
> On Fri, 20 May 2022 at 07:04, frank picabia wrote:
>
>>
Sorry, that should not have said "top level domains". I meant domains.
Like example.com, example.net.
On Fri, May 20, 2022 at 7:05 AM frank picabia wrote:
>
> It looks like there are two requirements for multiple top level domains
> with SSL
> on the same apache.
>
&g
It looks like there are two requirements for multiple top level domains
with SSL
on the same apache.
1. IP values must be used inside VirtualHost, not *:443
2. All IP values must be unique, even on the same top level domain
Is the above conjecture true?
We have many setup like this example...
> // If you can't use a SAN, then you need to configure all your vhosts as
> IP:443, whereas one vhost uses a separate IP, and the remainder uses the
> second IP.
>
> On Wed, 18 May 2022 at 17:26, frank picabia wrote:
>
>> Sorry, different domain.
>>
>> 300 hos
Sorry, different domain.
300 hosts like *.example1.com
and now we have 1 example2.com
On Wed, May 18, 2022 at 4:31 PM Frank Gingras wrote:
> See if you can add a SAN to that wildcard certificate first.
>
> On Wed, 18 May 2022 at 15:21, frank picabia wrote:
>
>>
>> We
We have a server with over 300 vhosts on it. Marketing/CMS madness I guess.
All on the same domain name. Many VirtualHosts are defined with *:443
and then ServerName to rely on SNI.
We have a wildcard cert for the domain and all the hosts use that.
Now there is a different domain to add for SSL.
