Can't do first Installation SSL_ERROR_RX_RECORD_TOO_LONG

Hello everyone :slight_smile:

I just installed(as far as i came) Nextcloud on my Raspberry Pi 3. I followed these instructions:
If you can’t read german, please just try to get the steps from the code.

So I’m at the part where you connect to the server via the browser (using Mozilla but getting similar errors with other browsers)
And get the following error (freely translated):
Error: secured connection failed

An error occured while connecting to [MYDOMAINNAME] SSL got an entry that exceeded the maximal length. Errorcode: SSL_ERROR_RX_RECORD_TOO_LONG

Thanks for help, please let me know if you need further information.



Those errors indicate a problem with your web server SSL/TLS configuration. Can you post your web server configuration including the SSL section?

I think you mean /etc/nginx/sites-available/default
Here the content of the file:

server {
listen 80;
return 301 https://$server_name$request_uri; # enforce https

server {
listen 443 ssl;
ssl_certificate /var/www/ssl/cloudssl.crt;
ssl_certificate_key /var/www/ssl/cloudssl.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
root /var/www/cloud;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;


The error you are receiving indicates a HTTP response on a HTTPS port. Can you double check that Nginx is not serving up a default HTTP virtual host on port 443?

Regarding the configuration, there are a couple of small issues.

1: Try not to use variables in your return code. For example, ‘return 301 https://$server_name$request_uri;’ could be,

return 301$request_uri;

2: SSLv3 is known to be insecure. Change ‘ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;’ to,

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

3: The ssl_ciphers can be updated according to Mozilla’s intermediate or modern configuration. See

Firts thank you for your quick and good response.

So I did what you mentioned in 1 and 2 (what are nice tips), but it didn’t solve the problem…
I am not entierely sure if i updated ssl ciphers right.
I chosed the exact version of my ssl and server version and added all the lines that were there.
Since then i can’t restart the service and if i just change the ciphers line the problem isn’t solved either.

You said something about a virtual host. I do not remember configuring one. Where can I find the File? Maybe that’s the Problem :confused:


A virtual host is basically a server block. Your configuration shows two server blocks. I suspect there is a another server block somewhere, a default block that is responding to your requests. This may be because the default file is not being read.

You mentioned a file, ‘etc/nginx/sites-available/default’. In this case your server blocks should be in a file under ‘/etc/nginx/sites-available/site.conf’ and symlinked to ‘/etc/nginx/sites-enabled/site.conf’.

This tutorial may help better as it seems to match the Nginx layout you are using. See

Thank you very much.

I will read trough and try out this at this weekend and then write if i found something out.

So I read trough the tutorial and think i got everything.
I found out i missconfigured the ssl keys but recreating them didn’t fix much.
Now if I put only my URL in the URL Line in Mozilla it loads and loads until it gets no response.
If i write:https://MYURL the error in the SSL_ERROR_RX_RECORD_TOO_LONG appears again.

I also read trough this and added most of the important lines (I added just the ones I completly understood)

You mentioned a file, ‘etc/nginx/sites-available/default’. In this case your server blocks should be in a file under ‘/etc/nginx/sites-available/site.conf’ and symlinked to ‘/etc/nginx/sites-enabled/site.conf’

If I ‘ls’ in ‘/etc/nginx/sites-available/’ there only is ‘default’ what is the virtual host that is used by default, I assume.
There I edited the config. The symlink to ./sites-enabled exists ands works.

I used this site to check my SSL:

Which gives following output (before that it says that it can resolve the hostname and the server is apache(i think nginx looks like apache from the outside))
No SSL certificates were found on Make sure that the
name resolves to the correct server and that the SSL port (default is
443) is open on your server’s firewall.

Then I ran a Portscanner which said my port 443 is opened.
Maybe there’s something wrong how the server handles the SSL? I don’t know cause I’m not experienced with SSL or webservers. :confused:

Thanks for your help so far. :slight_smile:

Nginx has a very specific header. It is unlikely to be confused as Apache. Are you sure you don’t have Apache installed as well?

I did ‘whereis apache2’ and indeed found a folder. There is not much but maybe that is creating the error? I will purge it cause it’s not mentioned in the tutorial I am using. I’m at work right now so I can’t check if it works. I write again when I checked.


You should not need to delete the files. Just double check that Apache is not running.

You can also check your certificate with You can check all running processes with
ps -aux
and the processes behind each port:
netstat -tulpen

Is this an official SSL certificate or self-signed?

Thank you, I will try that. I just not have the time atm.

The certificate is self-signed.