I can't access pĥpmyadmin anymore on https://ks307144.kimsufi.com/phpmyadmin/index.php Gives an error message: Code: SSL_ERROR_RX_RECORD_TOO_LONG Even if I try to access without SSL http://ks307144.kimsufi.com/phpmyadmin/index.php I'm redirected to https Where is that redirection done and how does ispconfig create an SSL cert for phpmyadmin ?
has this only started happening recently? did you by any chance get new certificates with a different key length prior to this issue?
that said, and assuming you haven't changed any of the default ports, (have you?). have you got support for tls1.2 and tls1.3 enabled? you should also ensure you've disabled support for tls1.0 and tls1.1 and all versions of SSL.
I can't ensure when this did happened as I did not access to phpmyadmin since a long time on that server. All certificates were generated automatically by certbot at server install a few monthes ago. I remember I did change keys from dsa to rsa, perhaps at server change. After a recent certs renewall error I recently wanted to let ISPCONFIG manage certs. I removed certbot renew from crontab, deleted all certificates and try to make them with ISPCONFIG. It lead to other errors on vhosts certs disscussed on another post https://www.howtoforge.com/communit...ispconfig-interface-acme-message.83786/page-2 I did not make any ports changes. Does this answers to your questions about TLS ?: Code: ks307144 ~ > grep -i tls /etc/ssl/openssl.cnf MinProtocol = TLSv1.2
The above error happens when you use https:// when there is HTTP:// available only. By default, phpmyadmin listens only on HTTP. You can enable the default SSL ghost on Debian and Ubuntu with: a2ensite default-ssl and then restart apache.
The problem is that phpmyadmin http is redirected to https and I don't know where. default SSL is already enabled: Code: ks307144 ~ > a2ensite default-ssl Site default-ssl already enabled
just tried wget http://ks307144.kimsufi.com/phpmyadmin/index.php and that didn't make any attempt to redirect to https, just downloaded the file. are you specifying http:// on the browser url? if you're just starting from the hostname then maybe your browser is defaulting to https for the request.
Thanks for that post. I realized there is a browser cache problem too. The url works for me from another browser; if "forget about that site" in Firefox the url works back. But how did it cache http://ks307144.kimsufi.com/phpmyadmin/index.php to https://ks307144.kimsufi.com/phpmyadmin/index.php ? And how do I put phpmyadmin under https ?
clearing the browser cache doesn't always clear out stored redirects, a complete restart seems to be needed sometimes. also some browsers now will automatically make the original request as https:// unless you specifically use http:// you can't put phpMyAdmin under https unless you have it installed in it's own vhost. if it's just added in as an alias in /etc/apache2/conf-enabled/phpMyAdmin.conf then it'll use whatever certificate is applied to whatever domain url is used in your browser.
You seem to be running http on port 443, as @till said that error indicates. http://ks307144.kimsufi.com:443/phpmyadmin/index.php (note http on 443) is probably a functioning phpmyadmin. So it seems your default-ssl vhost config does not enable ssl, or that config is not in use. You can check /etc/apache2/sites-available/default-ssl.conf for the former, and run `apachectl -S` to determine the latter. Start with enabling the SSL and Lets Encrypt checkboxes in your ks307144.kimsufi.com vhost settings, and troubleshoot till that issues a certificate. One last case which might help others searching this thread, if you have loaded an https site https://ks307144.kimsufi.com/ which sends an HSTS header (Strict-Transport-Security) in your browser, it will upgrade all future http requests to https automatically. That is not the case for you, you actually have an almost opposite scenario (running plain http on https port).
