Update 20.7.6 to 20.7.7 Update ERR_SSL_PROTOCOL_ERROR

Started by george09, December 18, 2020, 08:53:25 AM

January 29, 2021, 05:58:17 PM #30 Last Edit: January 30, 2021, 01:14:07 AM by Julien
Guys, I am stuck at 21.1.
The GUI is gone again.
When I try the opnsense-revert -r 20.7.6 lighttpd && configctl webgui restart it does fail. I guess 20.7.6 won't work with 21.1.
Anyone got a suggestion to restore the box?
DEC4240 – OPNsense Owner



I was able to upgrade from 20.7.8_4 to 21.1 without any issues this time, so for me clearing house on all the CA and generated certificates for the old Let's Encrypt CAs sorted it out.

lighttpd developer here.   lighttpd developers generally fix issues very quickly IFF those issues are reported to the lighttpd developers at https://redmine.lighttpd.net/projects/lighttpd/issues

When configuring certificates in lighttpd, please include the intermediate certificates.  Let's Encrypt provides fullchain.pem, and that is the file that should be configured for lighttpd to use.

    ssl.privkey= "/etc/lighttpd/certs/www.example.com/privkey.pem"
    ssl.pemfile= "/etc/lighttpd/certs/www.example.com/fullchain.pem"


There is extensive documentation for how to configure lighttpd TLS modules:
https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToSimpleSSL
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL
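
An added example, not part of the post above and not lighttpd or OPNsense code: a standard-library Python check that the file given to ssl.pemfile carries the leaf followed by its intermediates in issuing order. It compares issuer and subject names only and does not verify signatures or expiry; the function names and messages are made up for this sketch.

```python
import base64
import re
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, off):
    """Decode one DER element at off: return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long form: low 7 bits = size of length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, off, off + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, start, _ = _tlv(der, 0)              # outer Certificate SEQUENCE
    _, pos, end = _tlv(der, start)          # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = _tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:                # optional explicit [0] version
        fields.pop(0)
    # Remaining order: serial, signature alg, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def check_pemfile(pem_text):
    """Return a list of problems found in a certificate bundle (empty = OK)."""
    names = [issuer_subject(base64.b64decode(block))
             for block in PEM_CERT.findall(pem_text)]
    if not names:
        return ["no certificate found"]
    problems = []
    if len(names) == 1 and names[0][0] != names[0][1]:
        problems.append("leaf only: intermediate certificates are missing")
    for i in range(len(names) - 1):         # each cert must be issued by the next
        if names[i][0] != names[i + 1][1]:
            problems.append(
                f"certificate {i + 1} is not issued by certificate {i + 2}")
    return problems

if __name__ == "__main__":
    # Usage: python3 check_chain.py /path/to/fullchain.pem
    found = check_pemfile(open(sys.argv[1]).read())
    print("\n".join(found) if found else "chain order looks complete")
```

Run against cert.pem it reports the missing intermediates; run against fullchain.pem it reports nothing.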

When a browser shows the Err_ssl_protocol_error, it indicates the browser is no longer able to access or initiate the secured communication. There is no definite guide for managing this error. Follow the given steps to resolve this error from the client side:


  • Try correcting the system date and time.
  • Try clearing Google Chrome browsing data.
  • Try clearing your SSL State.
  • Try disabling the QUIC Protocol.
  • Try checking your antivirus settings.
  • Try enabling all SSL/TLS versions. 
 
Also, this error is because of the following server-side problems:


  • Invalid SSL or SSL is untrusted (self-signed)
  • SSL Not installed properly
  • Old Technology or SSL/TLS version for encryption