Error code: ssl_error_rx_record_too_long on nginx ubuntu server

Question

I have a site which was perfectly running with apache on some old ubuntu server and also has https for it. But now for some reasons i need to move to different(new ubuntu server with high configuration) server and trying to serve my site using Nginx, and so installed nginx (nginx/1.4.6 (Ubuntu)). Below is my nginx.conf file settings

server {
  listen 8005;

  location / {
    proxy_pass http://127.0.0.1:8001;
  }

  location /static/ {
    alias /root/apps/project/static/;
  }

  location /media/ {
    alias  /root/apps/media/;
  }

}

# Https Server
server {
      listen 443;
      location / {
#            proxy_set_header Host $host;
#            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#            proxy_set_header X-Forwarded-Protocol $scheme;
#            proxy_set_header X-Url-Scheme $scheme;
#            proxy_redirect off;
            proxy_pass http://127.0.0.1:8001;
         }
      server_tokens off;

      ssl                  on;
      ssl_certificate      /etc/ssl/certificates/project.com.crt;
      ssl_certificate_key  /etc/ssl/certificates/www.project.com.key;
      ssl_session_timeout  20m;
      ssl_session_cache    shared:SSL:10m;  # ~ 40,000 sessions
      ssl_protocols        SSLv3 TLSv1; # SSLv2
      ssl_ciphers          ALL:!aNull:!eNull:!SSLv2:!kEDH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP:@STRENGTH;
      ssl_prefer_server_ciphers on;


}

Since i was already having https certificate(project.com.crt) and key(www.project.com.key) running on another server, i had just copied them to new server(which does not contain any domain as of now, and has only IP) and placed in at path /etc/ssl/certificates/ and trying to use them directly. Now i had restarted Nginx and tried to access my IP 23.xxx.xxx.xx:8005 with https:// 23.xxx.xxx.xx:8005 and i am getting the below error in firefox

Secure Connection Failed

An error occurred during a connection to 23.xxx.xxx.xx:8005. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

But when i access the IP without https, i can able to serve my site.

So whats wrong with my Https settings in the above nginx conf file ? Whether we can't serve the certificate files by simply copying and pasting at some folder ? do we need to create any extra certificate for my new server ?

Answer 1

Change

listen 443;

to

listen 443 ssl;

and get rid of this line

ssl on;

That should fix your SSL issue, but it looks like you have several issues in your configuration.

Answer 2

So whats wrong with my Https settings in the above nginx conf file ?

You don't have a SSL/TLS server listening on the port the client is trying to connect to. The ssl_error_rx_record_too_long occurs because the client's SSL stack is trying to interpret a HTTP response as SSL/TLS data. A Wireshark trace should confirm the issue. Look at the raw bytes (follow the stream).

I don't know why the configuration is not correct. Perhaps someone with Nginx config experience can help. Or, the folks on Server Fault or Webmaster Stack Exchange.

Answer 3

This problem happens when the Client gets non-SSL content over SSL connection. the Server send HTTP content but the client awaits HTTPS content. You can check two main things to fix it, but it can caused by another side effects too.

Make sure you put ssl on listen directive;

listen [PORT_NUMBER] ssl;

Check your Host IP Address you tried to connect. DNS can be correct but maybe you have another point on your hosts file or your local DNS server.