We were setting up SSL for the website rskolkata.com. We first set up Cloudflare for the site. Everything was okay on the Cloudflare site, including the DNS server settings. However, something happened which corrupted SSL certificates across the whole network. We tried to access the website on Ubuntu 20.10 and Windows 10 on all the machines in the network, in all the browsers (Chrome, Mozilla, Opera), in both normal mode and incognito mode. We always get the error ERR_SSL_PROTOCOL_ERROR in Chrome, and in Mozilla the error is SSL_ERROR_INTERNAL_ERROR_ALERT. We tried the following command in Ubuntu:
sudo apt-get install --reinstall ca-certificates
This worked on a machine (say machine A) outside the affected network (but the same machine which was initially in the corrupted network). When we tried the same command on the Ubuntu machines on the affected network, it did not work. We also tried to clear the SSL state in Chrome on a Windows machine, which did not work. Then we tried the following:
sudo apt-get -f install
# stop if you saw any errors
sudo dpkg --purge --force-depends ca-certificates
sudo apt-get -f install
We tried the above, which also failed to solve the issue.
The website opens without any issue outside the affected network.
We checked the website up status in the website https://www.websiteplanet.com/webtools/ which shows the site is running. The SSL is working properly.
The 'machine A' when brought to the affected network again, starts to give the error again.
However, as we are the developers for the site, we need to access the site from our office network. Please suggest a solution.
UPDATE 1:
Ctrl + Shift + K on Firefox gives: An error occurred: SSL_ERROR_INTERNAL_ERROR_ALERT
$ curl -vk https://rskolkata.com
Output:
* Trying 151.106.116.81:443...
* TCP_NODELAY set
* Connected to rskolkata.com (151.106.116.81) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
`dig rskolkata.com` gives the following output:
dig rskolkata.com
; <<>> DiG 9.16.6-Ubuntu <<>> rskolkata.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29471
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;rskolkata.com. IN A
;; ANSWER SECTION:
rskolkata.com. 6794 IN A 151.106.116.81
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Jan 22 14:25:50 IST 2021
;; MSG SIZE rcvd: 58
And `dig +trace rskolkata.com` gives the following output:
; <<>> DiG 9.16.6-Ubuntu <<>> +trace rskolkata.com
;; global options: +cmd
. 238434 IN NS k.root-servers.net.
. 238434 IN NS b.root-servers.net.
. 238434 IN NS h.root-servers.net.
. 238434 IN NS j.root-servers.net.
. 238434 IN NS e.root-servers.net.
. 238434 IN NS m.root-servers.net.
. 238434 IN NS c.root-servers.net.
. 238434 IN NS f.root-servers.net.
. 238434 IN NS d.root-servers.net.
. 238434 IN NS a.root-servers.net.
. 238434 IN NS g.root-servers.net.
. 238434 IN NS i.root-servers.net.
. 238434 IN NS l.root-servers.net.
;; Received 262 bytes from 127.0.0.53#53(127.0.0.53) in 3 ms
rskolkata.com. 12530 IN A 151.106.116.81
rskolkata.com. 72951 IN NS ns1.dns-parking.com.
rskolkata.com. 72951 IN NS ns2.dns-parking.com.
;; Received 222 bytes from 199.7.91.13#53(d.root-servers.net) in 0 ms
The DNS name server is dimitris.ns.cloudflare.com and IP 172.67.138.143, as can be seen in https://mxtoolbox.com/
question from:
https://stackoverflow.com/questions/65840959/err-ssl-protocol-error-issue-across-whole-network
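
Added example, not part of the original question: a POSIX shell check that compares the A and NS records in saved dig output with the address and nameserver the zone is expected to serve, here the Cloudflare values quoted in the post. The function names `records` and `check_resolution` are hypothetical, and the sample input is copied from the dig output above.

```sh
#!/bin/sh
# Added example (not from the original post): compare the records in saved
# `dig` / `dig +trace` output with the values the zone is expected to serve.

# Print the records of TYPE (A or NS) for NAME found in dig output on stdin.
# Question-section lines (";name. IN A") and root hints are skipped because
# their first field is not exactly "NAME.".
records() {  # usage: records NAME TYPE < dig_output
  awk -v n="$1." -v t="$2" \
    '$1 == n && $3 == "IN" && $4 == t { sub(/\.$/, "", $5); print tolower($5) }' |
    sort -u
}

# Report every observed record that differs from the expectation.
# Exit status 0 when everything matches, 1 when at least one record differs.
# The body runs in a subshell so its variables do not leak to the caller.
check_resolution() (  # usage: check_resolution NAME EXPECTED_IP NS_SUFFIX < dig_output
  name=$1 want_ip=$2 ns_suffix=$3 rc=0
  out=$(cat)
  for ip in $(printf '%s\n' "$out" | records "$name" A); do
    if [ "$ip" != "$want_ip" ]; then
      echo "A mismatch: $name resolves to $ip, expected $want_ip"; rc=1
    fi
  done
  for ns in $(printf '%s\n' "$out" | records "$name" NS); do
    case $ns in
      *".$ns_suffix") ;;
      *) echo "NS mismatch: $name is delegated to $ns, expected *.$ns_suffix"; rc=1 ;;
    esac
  done
  [ "$rc" -eq 0 ]
)

# Sample input: lines copied from the dig and dig +trace output in the post.
SAMPLE=';rskolkata.com. IN A
rskolkata.com. 6794 IN A 151.106.116.81
. 238434 IN NS k.root-servers.net.
rskolkata.com. 72951 IN NS ns1.dns-parking.com.
rskolkata.com. 72951 IN NS ns2.dns-parking.com.'

# Expected values are the ones the post quotes from mxtoolbox.
printf '%s\n' "$SAMPLE" |
  check_resolution rskolkata.com 172.67.138.143 ns.cloudflare.com || true
```

On a live machine, pipe `dig rskolkata.com` or `dig +trace rskolkata.com` into `check_resolution` from both inside and outside the affected network and compare the reports.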