SSL ERR_SSL_PROTOCOL_ERROR

Philaupatte
Les bases HTML/CSS
Outils Linux

Bonjour,
J'ai cherché, cherché, je tourne en rond. Vos avis me seront précieux.
J'ai un domaine "philaupatte.com" chez I0NOS et un certificat associé
Ce domaine est redirigé sur ma freebox qui a une addresse IP fixe
Les ports 80 et 443 sont redirigé sur mon server Débian qui embarque Apache2
Le certificat chez IONOS est activé et j'ai 3 fichiers :
Un fichier Clé
Un fichier CER (certificat)
Un fichier intermédiaire CER

J'ai activé le SSL sur mon serveur Apache. Un Vhost en 443 avec les 3 définitions.
SSLCertificateFile /etc/certificates/philaupatte.com/philaupatte.com_ssl_certificate.cer
SSLCertificateKeyFile /etc/certificates/philaupatte.com/philaupatte.com_private_key.key
SSLCertificateChainFile /etc/certificates/philaupatte.com/philaupatte.com_ssl_certificate_intermediate.cer

Le ssl est bien activé.

https://www.philaupatte.com ERR-SSL_PROTOCOL_ERROR

Aussi j'ai cherché sur le serveur avec openssl et curl

openssl s_client -msg -security_debug_verbose -connect www.philaupatte.com:443
Résultat :
CONNECTED(00000003)
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Signature Algorithm mask scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Signature Algorithm mask scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Signature Algorithm mask digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Supported Ciphersuite=TLS_AES_256_GCM_SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=TLS_CHACHA20_POLY1305_SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=TLS_AES_128_GCM_SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA, security bits=128: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Signature Algorithm mask scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Signature Algorithm mask scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Signature Algorithm mask digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Supported Ciphersuite=TLS_AES_256_GCM_SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=TLS_CHACHA20_POLY1305_SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=TLS_AES_128_GCM_SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA, security bits=128: yes
Security callback: Supported Curve=X25519, security bits=128: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Signature Algorithm mask scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Signature Algorithm mask scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Signature Algorithm mask digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Supported Ciphersuite=TLS_AES_256_GCM_SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=TLS_CHACHA20_POLY1305_SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=TLS_AES_128_GCM_SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-CHACHA20-POLY1305, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=ECDHE-ECDSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=ECDHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=DHE-RSA-AES128-SHA, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-GCM-SHA384, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-GCM-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA256, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA256, security bits=128: yes
Security callback: Supported Ciphersuite=AES256-SHA, security bits=256: yes
Security callback: Supported Ciphersuite=AES128-SHA, security bits=128: yes
Security callback: Supported Curve=X25519, security bits=128: yes
Security callback: Supported Curve=X25519, security bits=128: yes
Security callback: Supported Curve=P-256, security bits=128: yes
Security callback: Supported Curve=X448, security bits=224: yes
Security callback: Supported Curve=P-521, security bits=256: yes
Security callback: Supported Curve=P-384, security bits=192: yes
Security callback: Supported Curve=ffdhe2048, security bits=112: yes
Security callback: Supported Curve=ffdhe3072, security bits=128: yes
Security callback: Supported Curve=ffdhe4096, security bits=128: yes
Security callback: Supported Curve=ffdhe6144, security bits=128: yes
Security callback: Supported Curve=ffdhe8192, security bits=192: yes
Security callback: : yes
Security callback: Supported Signature Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=ecdsa_secp384r1_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=ecdsa_secp521r1_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm scheme=ed25519, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=ed448, security bits=224: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_pss_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_pss_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_rsae_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_rsae_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=rsa_pss_rsae_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha256, security bits=128: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha384, security bits=192: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha512, security bits=256: yes
Security callback: Supported Signature Algorithm digest=SHA224, algorithm=ECDSA, security bits=112: yes
Security callback: Supported Signature Algorithm scheme=ecdsa_sha1, security bits=64: no
Security callback: Supported Signature Algorithm digest=SHA224, algorithm=RSA, security bits=112: yes
Security callback: Supported Signature Algorithm scheme=rsa_pkcs1_sha1, security bits=64: no
Security callback: Supported Signature Algorithm digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Supported Signature Algorithm digest=SHA1, algorithm=DSA, security bits=64: no
Security callback: Supported Signature Algorithm digest=SHA256, algorithm=DSA, security bits=128: yes
Security callback: Supported Signature Algorithm digest=SHA384, algorithm=DSA, security bits=192: yes
Security callback: Supported Signature Algorithm digest=SHA512, algorithm=DSA, security bits=256: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.1: yes
Security callback: Version=TLS 1.0: yes
Security callback: Supported Curve=X25519, security bits=128: yes

TLS 1.0, RecordHeader [length 0005]
16 03 01 01 40
TLS 1.3, Handshake [length 0140], ClientHello
01 ...........................................................................................18
TLS 1.0, RecordHeader [length 0005]
15 03 01 00 02
TLS 1.3, Alert [length 0002], fatal decode_error
02 32
40D7CFBA627F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:303: no peer certificate available No client certificate CA names sent SSL handshake has read 0 bytes and written 332 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

curl --trace /var/log/curl/trace.log https://www.philaupatte.com
== Info: Trying [2001:8d8:100f:f000::200]:443...
== Info: Connected to www.philaupatte.com (2001:8d8:100f:f000::200) port 443 (#0)
== Info: ALPN: offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03 c8 60 bd 40 e1 52 25 29 0c 84 .......`.@.R%)..
0010: .................................................................
......................................................................
01f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
== Info: CAfile: /etc/ssl/certs/ca-certificates.crt
== Info: CApath: /etc/ssl/certs
<= Recv SSL data, 5 bytes (0x5)
0000: 15 03 03 00 02 .....
== Info: TLSv1.3 (IN), TLS alert, internal error (592):
<= Recv SSL data, 2 bytes (0x2)
0000: 02 50 .P
== Info: OpenSSL/3.0.11: error:0A000438:SSL routines::tlsv1 alert internal error
== Info: Closing connection 0

Pour finir j'ai ajouter le certificat dans le Custom Root mais rien n'y fait, j'ai appelé IONOS mais il n'y a pas de support quand vous héberger votre site.

merci d'avance.

Aucune réponse