Chrome error: ERR_SPDY_PROTOCOL_ERROR


#1

Hello,

I have already done WordPress installations with EasyEngine.

Today, when creating my first instance on vultr.com, I made an installation with the command:

sudo ee site create example.com --wp --php7 --letsencrypt

But only in the Chrome browser the page does not load, reporting the error:

ERR_SPDY_PROTOCOL_ERROR

Firefox and Microsoft Edge accessed the site normally.

How can I resolve this?


#2

Restart Chrome.

Your site probably had an SSL cert from another server; then you migrated it to a new VPS; Chrome stupidly tries to decrypt data using old, cached cert — it will never work.

Restarting Chrome probably will clear all caches.

If this doesn’t help, a visit to chrome://settings/reset might be useful.

If none of my suggestions help, try Google. There will be plenty of results telling how to work around this annoyance.


#3
ee site create example.com --wp --php7 --letsencrypt

or…

ee site update example.com --wp --php7 --letsencrypt=renew

then…

Check your ciphers. Yes, your ciphers.

ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

Check your ssl_certificate AND ssl_certificate_key. You’ll need something like these paths =>

ssl_certificate     /etc/letsencrypt/live/yourdomain/fullchain.pem;
ssl_certificate_key     /etc/letsencrypt/live/yourdomain/privkey.pem;

Save and run:

sudo /etc/init.d/nginx restart;

or

ee stack restart

Have fun.


#4

Edit the conf file located at

sitename/conf/nginx/ssl.conf

Remove the http2, save, and restart nginx (sudo service nginx restart).


#5

Today, the same thing happened when installing EE.

After removing the http2 it works normally.

Is EE failing to start http2?


#6

It’s a certificate issue, not http2.


#7

With EE installed before today, applying for a certificate, http2 works normally.

Strange: today I installed on two VPSes, and http2 cannot be used.

(Linode 2G Ubuntu 16.04)


#8

Only your tip solved the problem. But why do it now? Why is this occurring?


#9

Found the solution, guys. The problem is that the HTTP/2 protocol is stricter in its cryptographic suites than HTTP/1. Follow the steps below to enable SSL with http2:

  1. You have to edit the nginx config file placed in etc/nginx/nginx.config.

  2. Scroll to the SSL settings and replace the SSL cipher (whole text in front of ssl cipher) with ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  3. Open PuTTY and type ee stack restart. It's done. Your site will be working now.


#10

This does not work and breaks the overall nginx conf (nginx does not restart after this.)


#11

There is no such line with http2 in the ssl config file.


#12

This did not work either. Basically cipher values are unique to each installation (as far as I could tell via Google), but even after checking the above it still says ERR_SPDY etc etc

Any help here from @admin would really be helpful…


#13

How to fix ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

sudo nano /etc/nginx/nginx.conf

Edit the ssl_ciphers line (somebody somehow made a mess of it during the nginx 1.10.3 update).

Here is the old one:

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;


#14

It worked great for me. Here is the reference link if you think I made this up myself. -


#15

This tutorial is for setting up everything from scratch… The idea of using EE is to avoid doing all of this. I used EE’s famous 2 line installation on all my websites, and every one runs smoothly but the one I made yesterday. If you can help me with that I would really be thankful…


#16

Tried this as well - Nginx does not restart after this. I copy pasted this exact cipher after ssl_ciphers and before ; but after saving nginx does not restart.


#17

Then you have done something else. Share your nginx config file.


#19

What does your sudo nginx -t say? Or what does sudo cat /var/log/nginx/error.log say?


#20

1- Nowadays, all nginx configs need IPv4 and IPv6 settings. If you have listen 80; in a line, then you need listen [::]:80; also. Keep it simple. Unfortunately, no redirect or domain .conf file brings it.

2- Since the nginx 1.10 stable branches, we have http2 support by default. So, you do not need to remove http2 from the listen line.

3- After item 2 above, check the 443 part of the config file at server { ... statements about 443 port and more ... }, improve your ciphers and give compatibility or not with old browsers.

https://mozilla.github.io/server-side-tls/ssl-config-generator/

https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

https://cipherli.st


#21

I think so …
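
Post #9's point that HTTP/2 is stricter about cipher suites than HTTP/1 refers to the cipher suite black list in RFC 7540 Appendix A, and the failed nginx restarts reported above are what an ssl_ciphers value split by whitespace produces. The following is an added example, not code from the thread or from EasyEngine: it checks an ssl_ciphers line the way nginx parses it, then sorts explicit OpenSSL suite names with a name-based heuristic (ephemeral key exchange plus an AEAD cipher is acceptable); the function names and sample directives are constructed for illustration.

```python
import re

# Constructed sample directives (not taken from any real server).
SAMPLE = ("ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:"
          "AES128-GCM-SHA256:kEDH+AESGCM:!MD5;")
SPACED = "ssl_ciphers EECDH + AES128: RSA + AES128;"

AEAD = ("GCM", "CHACHA20", "CCM")
EPHEMERAL = ("ECDHE-", "DHE-")


def parse_ssl_ciphers(line):
    """Return the single argument of an nginx ssl_ciphers directive."""
    m = re.match(r"\s*ssl_ciphers\s+(.*?)\s*;\s*$", line)
    if not m:
        raise ValueError("not a complete ssl_ciphers directive")
    arg = m.group(1)
    if len(arg) >= 2 and arg[0] in "'\"" and arg[-1] == arg[0]:
        return arg[1:-1]
    if re.search(r"\s", arg):
        # Unquoted whitespace splits the value into several arguments,
        # which nginx -t rejects before OpenSSL ever sees the list.
        raise ValueError("unquoted whitespace in ssl_ciphers value")
    return arg


def classify(cipher_list):
    """Sort colon-separated entries into ok / blacklisted / unresolved."""
    out = {"ok": [], "blacklisted": [], "unresolved": []}
    for token in filter(None, (t.strip() for t in cipher_list.split(":"))):
        if token[0] in "!-+@" or "+" in token or "-" not in token:
            # Keywords and operators need `openssl ciphers -v` to expand.
            out["unresolved"].append(token)
        elif token.startswith(EPHEMERAL) and any(a in token for a in AEAD):
            out["ok"].append(token)
        else:
            # Static-RSA key exchange or a non-AEAD (CBC) suite.
            out["blacklisted"].append(token)
    return out


def audit(line):
    """Parse one directive line and classify its entries."""
    return classify(parse_ssl_ciphers(line))


if __name__ == "__main__":
    print(audit(SAMPLE))
    try:
        audit(SPACED)
    except ValueError as err:
        print("rejected:", err)
```

Entries reported as unresolved are keywords or exclusions; run `openssl ciphers -v` on the full string to see which suites they expand to and in what order.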