SSL ERROR UNRECOGNIZED NAME ALERT when trying to use https

Nathan5471 · May 21, 2024, 1:05am

1. The problem I’m having:

I have recently changed modem and now I have a new public IP. After this I changed where my domain name is pointing and now I am getting a “SSL_ERROR_UNRECOGNIZED_NAME_ALERT” error when trying to load my pages.

2. Error messages and/or full log output:

*   Trying 184.170.81.72:443...
* Connected to jellyfin.nathans.live (184.170.81.72) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, unrecognized name (624):
* error:0A000458:SSL routines::tlsv1 unrecognized name
* Closing connection 0
curl: (35) error:0A000458:SSL routines::tlsv1 unrecognized name

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 22.04.4 LTS (This is the Server edition of Ubuntu)

b. Command:

I am using the Caddy file, so the only command I use is

systemctl restart caddy

c. Service/unit/compose file:

d. My complete Caddy config:

https://jellyfin.nathans.live {
     php_fastcgi unix//run/php/php8.2-fpm.sock
     reverse_proxy :8096
}

https://browser.nathans.live {
     reverse_proxy :3000
}

5. Links to relevant resources:

Bruce5051 · May 21, 2024, 1:12am

Hi @Nathan5471,

I am unable to connect to the site as it would seem a firewall is filtering Ports 80 & 443.

$ nmap -Pn -p80,443 jellyfin.nathans.live
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-21 01:11 UTC
Nmap scan report for jellyfin.nathans.live (184.170.81.72)
Host is up.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.49 seconds

Nathan5471 · May 21, 2024, 1:43am

Thanks, it seems that the default firewall setting is medium. I will change that in the morning.

Bruce5051 · May 21, 2024, 8:52pm

Hi @Nathan5471,

Presently I am seeing Port 80 & 443 Open.

$ nmap -Pn -p80,443 jellyfin.nathans.live
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-21 20:36 UTC
Nmap scan report for jellyfin.nathans.live (184.170.81.72)
Host is up (0.094s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.54 seconds

Side note: I am not sure the proper HTTP Response Codes are being used.
Here is what I see using curl. If others say different than what I’ve said, I suggest following their advice over mine.

Here I would have thought a HTTP Response Code of 301

$ curl -i http://jellyfin.nathans.live/
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://jellyfin.nathans.live/
Server: Caddy
Date: Tue, 21 May 2024 20:44:35 GMT
Content-Length: 0

Here too I would have thought a HTTP Response Code of 301

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302

$ curl -i https://jellyfin.nathans.live/
HTTP/2 302
alt-svc: h3=":443"; ma=2592000
date: Tue, 21 May 2024 20:44:41 GMT
location: web/
server: Caddy
server: Kestrel
content-length: 0

This seems fine to me.

(HTTP response status codes - HTTP | MDN)

$ curl -Ii https://jellyfin.nathans.live/web/
HTTP/2 200
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000
content-type: text/html
date: Tue, 21 May 2024 20:44:45 GMT
etag: "1daa89c6396023f"
last-modified: Fri, 17 May 2024 20:54:20 GMT
server: Caddy
server: Kestrel
x-response-time-ms: 0.1615
content-length: 9279

And here is an online tool

Nathan5471 · May 21, 2024, 9:45pm

Is it important for me to try and change any of the responses, I am mostly the only one who uses it?

Bruce5051 · May 21, 2024, 10:10pm

@Nathan5471 probably not. Just more of a FYI.

Nathan5471 · May 21, 2024, 11:08pm

Ok, thanks for all of the help

Bruce5051 · May 21, 2024, 11:17pm

You are welcome @Nathan5471

francislavoie · May 22, 2024, 4:29am

This doesn’t really make sense Jellyfin isn’t PHP, so you shouldn’t have php_fastcgi in there. And either way, reverse_proxy has a higher directive order so it never runs anyway (unless you used request matchers to split the traffic apart).

Anyway, your Jellyfin seems to load just fine for me. Is there really still a problem?

Nathan5471 · May 22, 2024, 10:34am

I think the php thing is from when I was originally setting up the reverse proxy, I was trying things I found on the Jellyfin Forum. And my problem is solved now.

francislavoie · May 22, 2024, 2:10pm

What fixed it?

Nathan5471 · May 22, 2024, 2:23pm

The Arris Surfboard app has a section for port forwarding and when you add a rule, it doesn’t turn on port forwarding for some reason. The app does not tell you port forwarding is off, so you have to go on the web UI and turn on port forwarding.

system · June 21, 2024, 2:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.