I am trying to run a REST API written in ASP.NET on Ubuntu using Apache. It runs as expected on HTTP, but when I switch to HTTPS it doesn’t work.
In Firefox, I get SSL_ERROR_NO_CYPHER_OVERLAP.
Running curl https://api.objectdb.wexosmk.xyz, I get
curl: (35) OpenSSL/3.0.13: error:0A000410:SSL routines::sslv3 alert handshake failure
In the DNS record, Cloudflare says that the hostname is not covered by a certificate.
I have working certificates for other subdomains (for instance https://objectdb.wexosmk.xyz), so it is a specific issue to this application.
I generated the certificate with certbot -d api.objectdb.wexosmk.xyz.
The HTTP virtual host looks like the following:
<VirtualHost *:80>
    ServerName api.objectdb.wexosmk.xyz
    ServerAdmin ...
    ProxyPreserveHost On
    ProxyPass / http://localhost:6500/
    ProxyPassReverse / http://localhost:6500/
    ErrorLog ${APACHE_LOG_DIR}/object-db-api-error.log
    CustomLog ${APACHE_LOG_DIR}/object-db-api-access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =api.objectdb.wexosmk.xyz
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The HTTPS virtual host looks like this (generated by certbot):
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName api.objectdb.wexosmk.xyz
    ServerAdmin ...
    ProxyPreserveHost On
    ProxyPass / http://localhost:6500/
    ProxyPassReverse / http://localhost:6500/
    ErrorLog ${APACHE_LOG_DIR}/object-db-error.log
    CustomLog ${APACHE_LOG_DIR}/object-db-access.log combined
    RewriteEngine On
    SSLCertificateFile /etc/letsencrypt/live/api.objectdb.wexosmk.xyz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/api.objectdb.wexosmk.xyz/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I also tried adding the following lines to the HTTPS virtual host with no success:
ProxyRequests Off
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
Maybe it’s an issue with the ASP.NET application?