Chrome error: ERR_SPDY_PROTOCOL_ERROR

Hello,

I have already done WordPress installations with EasyEngine.

Today, when creating my first instance on vultr.com, I ran an installation with the command:

sudo ee site create example.com --wp --php7 --letsencrypt

But only in the Chrome browser the page does not load, reporting the error:

ERR_SPDY_PROTOCOL_ERROR

Firefox and Microsoft Edge accessed the site normally.

How can I resolve this?

Restart Chrome.

Your site probably had an SSL cert from another server; then you migrated it to a new VPS; Chrome stupidly tries to decrypt data using old, cached cert — it will never work.

Restarting Chrome probably will clear all caches.

If this doesn’t help, a visit to chrome://settings/reset might be useful.

If none of my suggestions help, try Google. There will be plenty of results telling how to work around this annoyance.

1 Like

ee site create example.com --wp --php7 --letsencrypt

or…

ee site update example.com --wp --php7 --letsencrypt=renew

then…

Check your ciphers. Yes, your ciphers.

ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

Check your ssl_certificate AND ssl_certificate_key. You’ll need something like these paths =>

ssl_certificate     /etc/letsencrypt/live/yourdomain/fullchain.pem;
ssl_certificate_key     /etc/letsencrypt/live/yourdomain/privkey.pem;

Save and run:

sudo /etc/init.d/nginx restart;

or

ee stack restart

Have fun.

Edit the conf file located at

sitename/conf/nginx/ssl.conf

Remove the http2, save, and restart nginx (sudo service nginx restart).

1 Like

Today the same thing happened when I installed EE.

After removing http2, it works normally.

Does EE fail to start http2?

It’s a certificate issue, not http2.

With EE installed before today and a certificate applied for, http2 is normal.

Strange: today I installed two VPSes, and http2 cannot be used.

(Linode 2G Ubuntu 16.04)

Only your tip solved the problem. But why do it now? Why is this occurring?

1 Like

Found the solution, guys. The problem is that the HTTP/2 protocol is stricter in its cryptographic suites than HTTP/1. Follow the steps below to enable SSL with http2:

  1. You have to edit the nginx config file located at /etc/nginx/nginx.conf.

  2. Scroll to the SSL settings and replace the SSL cipher (the whole text in front of ssl cipher) with ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  3. Open PuTTY and type ee stack restart. It's done. Your site will be working now.

1 Like

This does not work and breaks the overall nginx conf (nginx does not restart after this.)

There is no such line with http2 in the ssl config file.

This did not work either. Basically, cipher values are unique to each installation (as far as I could tell via Google), but even after checking the above it still says ERR_SPDY etc. etc.

Any help here from @admin would really be helpful…

How to fix ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

sudo nano /etc/nginx/nginx.conf

Edit the ssl_ciphers line (somebody somehow made a mess of it during the nginx 1.10.3 update).

Here is the old one:

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

4 Likes
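
The posts above put the Chrome errors down to HTTP/2 being stricter about cipher suites. As an added example (not part of the original thread and not EasyEngine code), this Python check audits an ssl_ciphers directive against the RFC 7540 cipher black list, which covers suites without an ephemeral key exchange and suites that are not AEAD. The name-based classification is a heuristic, the function names are made up for this example, and the second sample directive is constructed.

```python
import re

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # AEAD modes as they appear in OpenSSL names
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")    # forward-secret key exchanges

def parse_ssl_ciphers(directive):
    """Return the cipher-string tokens of one nginx ssl_ciphers directive, in order."""
    m = re.fullmatch(r"\s*ssl_ciphers\s+(.*?)\s*;\s*", directive, re.S)
    if not m:
        raise ValueError("not an ssl_ciphers directive")
    value = m.group(1)
    if len(value) >= 2 and value[0] in "'\"" and value[-1] == value[0]:
        value = value[1:-1]
    elif re.search(r"\s", value):
        # nginx splits unquoted arguments on whitespace and ssl_ciphers takes one
        raise ValueError("unquoted whitespace: nginx would see several arguments")
    return [t for t in re.split(r"[:,\s]+", value) if t]

def classify(token):
    """Heuristic: 'exclude', 'selector', 'ok' or 'blacklisted' for one token."""
    if token.startswith(("!", "-")):
        return "exclude"      # removes suites from the list
    if "+" in token or "-" not in token or token.startswith("@"):
        return "selector"     # keyword; `openssl ciphers -v` shows what it expands to
    ephemeral = token.startswith(EPHEMERAL_PREFIXES)
    aead = any(marker in token for marker in AEAD_MARKERS)
    return "ok" if ephemeral and aead else "blacklisted"

def h2_audit(directive):
    """Return (blacklisted suites ranked above every acceptable one, selectors)."""
    kinds = [(t, classify(t)) for t in parse_ssl_ciphers(directive)]
    ahead = []
    for token, kind in kinds:
        if kind == "ok":
            break
        if kind == "blacklisted":
            ahead.append(token)
    selectors = [t for t, k in kinds if k == "selector"]
    return ahead, selectors

# First four suites of the quoted directive posted earlier in the thread.
THREAD_STYLE = ("ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';")
# Constructed sample: CBC and static-RSA suites outrank the only AEAD suite.
CBC_FIRST = "ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:!aNULL;"

if __name__ == "__main__":
    for name, directive in (("thread-style", THREAD_STYLE), ("cbc-first", CBC_FIRST)):
        ahead, selectors = h2_audit(directive)
        print(name, "blacklisted ahead of first HTTP/2-safe suite:", ahead, "selectors:", selectors)
```

A non-empty first list means a client that supports one of those suites can negotiate it when the server's order is preferred, and an HTTP/2 client may then reject the connection. Any selectors reported still need expanding with openssl before the order can be judged.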

It worked great for me. Here is the reference link if you think I made this up myself. -

This tutorial is for setting up everything from scratch… The idea of using EE is to avoid doing all of this. I used EE’s famous 2 line installation on all my websites, and every one runs smoothly except the one I made yesterday. If you can help me with that I would really be thankful…

Tried this as well - Nginx does not restart after this. I copy pasted this exact cipher after ssl_ciphers and before ; but after saving nginx does not restart.

Then you have done something else. Share your nginx config file.

What does your sudo nginx -t say? Or what does sudo cat /var/log/nginx/error.log say?

1- Nowadays, all nginx configs need IPv4 and IPv6 settings. If you have listen 80; in a line, then you need listen [::]:80; also. Keep it simple. Unfortunately, no redirect or domain .conf file includes it.

2- Since nginx 1.10 stable branches, we have http2 support by default. So, you do not need to remove http2 from listen line.

3- After item 2 above, check 443 part of config file at server { ... statements about 443 port and more ... }, improve your ciphers and give compatibility or not with old browsers.

https://mozilla.github.io/server-side-tls/ssl-config-generator/

https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

https://cipherli.st

1 Like

I think so …