You may have come across the following error while trying to setup SSL certificates on Apache:
Error code: ssl_error_rx_record_too_long(Firefox) or Internet Explorer cannot display the webpage (IE)
More often than not, you have something mis-configured (Likely the listening port: 443). First, make sure that your firewall or iptables allows incoming connections on 443 (command shown on Ubuntu):
#sudo ufw allow 443
That may not have fixed your problem, but now try going to the following address:
http://www.domain.tld:443
If you’ve successfully seen something at the above page, it means your sites are listening on that port for non-ssl. I’ll assume that your apache virtual host file has something along the lines of:
NameVirtualHost *
What you’re going to want to do is force your vhosts to listen specifically on the proper ports. Change the above line to the following:
NameVirtualHost *:80
If you’re using Ubuntu your ports.conf file should likely have 443 enabled on the listening port. You may also have default-ssl listed in your /etc/apache2/sites-available/ folder, in which case you may want to enable that:
#sudo a2ensite /etc/apache2/sites-available/default-ssl
Basically, that file has the following inside of it:
... your server name / document root ... SSLEngine on SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key
While you can use a single “shared” SSL certificate for multiple hosts, if each host needs its own SSL, they will need static IP addresses.
Other recommendations:
- Ensure that port
443is open and enabled on your server. This is the standard port for HTTPS communications. - If SSL is using a non-standard port then Firefox 3 can sometimes give this error. Ensure SSL is running on port
443. - If using Apache2 check that you are using port
443for SSL. This can be done by setting theports.conffile as follows:Listen 80 Listen 443 https
- Make sure you do not have more than one SSL certificate sharing the same IP address. Please ensure that all SSL certificates utilize their own dedicated IP address.
- If using Apache2 check your
vhostconfig. Some users have reported changing to_default_resolved the error.
