SSL connection fails on new virtual server with ssl_error_rx_record_too_long

I have a stable server running Virtualmin with 9 sites on it. 3 are currently using SSL and have their own IP addresses - all working fine.

I’ve added a new site ( which works ok. I’ve assigned it a new IP address which works fine. Its IP restricted for testing purposes btw.

I’ve then set SSL website enabled? and IP-based virtual FTP enabled? in its features but SSL is not working:

On accessing the site using https/ I get

Secure Connection Failed
An error occurred during a connection to
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

The error log shows:

[Tue Jan 17 12:00:05 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jan 17 12:00:05 2012] [warn] RSA server certificate CommonName (CN) `' does NOT match server name!?

As the site is for testing I’m happy using a self signed cert. I tried recreating one but I still get the same error.

I’ve gone through all the Virtualmin settings for a working site (e.g. and compared them to the non working and the ones look right.

Any idea how I can fix/research this further?

Trying openssl for more info - here’s one working site and the borked one on the server:

~ $ openssl s_client -connect
9692:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:
~ $ openssl s_client -connect
depth=1 /C=US/O=GeoTrust, Inc./CN=RapidSSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0

Looks like its just not set up right.

I ran ‘apache2 -S’ and noticed

...*      is a NameVirtualHost
     default server (/etc/apache2/sites-enabled/
     port 80 namevhost (/etc/apache2/sites-enabled/
     port 443 namevhost (/etc/apache2/sites-enabled/
/etc/apache2/sites-available # find . -exec grep -l '' '{}' \;

The was using the 225 IP and was previously a non SSL site but the grep implies to me that the only place that this IP is now used is with naturapetstaging but it must be set somewhere else too…

     /etc/apache2 # grep 114 apache2.conf
 That looks very wrong.
 Deleting the defaulting 225 line cured the problem. Wonder why Virtualmin put it there:

Hrm, that is indeed odd! Nice find though.

Virtualmin shouldn’t add an entry like that… it should always add it in the format:


So deleting that one line is good.

Also, you may want to look in /etc/apache2/sites-enabled, to make sure there’s no VirtualHost line in the .conf files there which matches that incorrect line.


today faced the same problem

new virtual server -> new ssl cert
ssl enabled, cert paths ok, but ssl not working

httpd.conf contained:
NameVirtualHost xxx.yyy.zzz.qqq without a port, fixing the line solved the problem