Error from curl : SSL23_GET_SERVER_HELLO:unknown protocol
On a website that worked perfectly and achieved an A+ on Qualys SSL Labs, when curl'ing the homepage today on that site, the following error presented itself:
curl https://mydomain.com --verbose
* Rebuilt URL to: https://mydomain.com/
* Hostname was NOT found in DNS cache
* Trying 127.0.1.1...
* Connected to www.opengl.org(127.0.1.1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS Unknown, Unknown (22):
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Searches resulted in lots of various fixes and troubleshooting techniques. In this case, the error stemmed from an incorrectly configured Apache 2 configuration file. Looking in /etc/apache2/sites-enabled, the VirtualHost directive was using the servers IP address, like this:
<VirtualHost nnn.nnn.nnn.nnn:443>
The solution was to adjust the configuration file this with:
<VirtualHost _default_:443>
Restart Apache, and curl now functioned correctly.
This will not be the fix for most people, but I needed to put this somewhere in case I stumble across it again. Lots of folks online discovered that they had either forgotten to include the default-ssl configuration file in Apache, or they have mangled their /etc/hosts file. You now have three things to check!