Error from curl : SSL23_GET_SERVER_HELLO:unknown protocol
On a website that worked perfectly and achieved an A+ on Qualys SSL Labs, when curl'ing the homepage today on that site, the following error presented itself:
curl https://mydomain.com --verbose * Rebuilt URL to: https://mydomain.com/ * Hostname was NOT found in DNS cache * Trying 127.0.1.1... * Connected to www.opengl.org(127.0.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS Unknown, Unknown (22): * SSLv3, TLS handshake, Client hello (1): * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol * Closing connection 0 curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Searches resulted in lots of various fixes and troubleshooting techniques. In this case, the error stemmed from an incorrectly configured Apache 2 configuration file. Looking in /etc/apache2/sites-enabled, the VirtualHost directive was using the servers IP address, like this:
<VirtualHost nnn.nnn.nnn.nnn:443>
The solution was to adjust the configuration file this with:
<VirtualHost _default_:443>
Restart Apache, and curl now functioned correctly.
This will not be the fix for most people, but I needed to put this somewhere in case I stumble across it again. Lots of folks online discovered that they had either forgotten to include the default-ssl configuration file in Apache, or they have mangled their /etc/hosts file. You now have three things to check!