Nginx Letsencrypt OpenSSL Error on new Ubuntu 22.04 "unexpected eof while reading"

AAA · May 5, 2022, 8:41am

Hi all,

after an Ubuntu-Server upgrade on 22.04, which came along with a new php-Version (from 7.4 to 8.x) and an openssl Version (from 1.1.1 to 3.0.2) I experience the follwoing error message:

2022/05/05 10:34:29 [crit] 925#925: *6508 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 83.135.195.229, server: 0.0.0.0:443```
php seems to be configured like this:

sudo update-alternatives --config php
Es gibt 3 Auswahlmöglichkeiten für die Alternative php (welche /usr/bin/php bereitstellen).

Auswahl Pfad Priorität Status

0 /usr/bin/php8.1 81 automatischer Modus
1 /usr/bin/php7.4 74 manueller Modus

2 /usr/bin/php8.0 80 manueller Modus
3 /usr/bin/php8.1 81 manueller Modus

What is the best way to get rid of the error?

Regards and thank-you,

AAA

devnull · May 5, 2022, 9:15am

I found this for you. Maybe the included answer helps you.

AAA · May 11, 2022, 3:32pm

Thank-you all and devnull…
Unfortunately the respective link did not help because I don’t understand what to do in order to avoid the error:

SSL: error:0A000126:SSL routines::unexpected eof while reading

Ich would like t know what to do…

Regards

AAA

stratege1401 · May 11, 2022, 3:42pm

Hello,

you can find some discussion relative to this kind of bug here:

github.com/openssl/openssl

ssl3_read_n:unexpected eof while reading while keepalive

opened 10:44AM - 22 Mar 20 UTC

closed 09:31AM - 02 Apr 20 UTC

tiiiecherle

triaged: bug

Hey openssl team, I'm using archlinux with nginx-mainline and php-fpm with al…l packages up-to-date. After upgrading to openssl 1.1.1.e we see the following error happening over and over again. `nginx[11287]: 2020/03/20 23:35:38 [crit] 11287#11287: *64 SSL_read() failed (SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive, client: x.x.x.x, server: 0.0.0.0:443` I don't know if this is something that needs to be fixed in openssl, in nginx (or perhaps only a setting) or in the webapps used. Unfortunately there are no other entries in the logs. I don't know if that helps in any way but I don't even use ssl3 in nginx, only tlsv1.2. Downgrading to openssl 1.1.1.d solves the issue. I guess it is related to [this](https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a). Thanks for any help in advance.

Also, on my personnal expêrience, check if port 80 and 443 are unused while querying the ssl cert.

AAA · May 11, 2022, 6:12pm

Hi all, hi stratege1401,

check if port 80 and 443 are unused while querying the ssl cert.
How do I do that?

By the way I have seen that apache2 was (wizardly) installed although I use nginx.
I removed apache 2 (apt remove apache2), but no improvement.

I know the post on github, but I neither understand nor can discover what to do??!!

JuergenF · May 20, 2022, 4:21pm

Hi AAA,

I had the same issue with my fresh Ubuntu 22.04 installation after installing nginx right away from the system repository. It turned out this wasn’t the very latest version (V1.18 or so).

After installing mainline V1.21.6 from Ondrejs PPA the issue was gone for good. Thanks to the instruction in https://www.linuxcapable.com/how-to-install-nginx-mainline-on-ubuntu-22-04-lts/

NB: I wasn’t able to install nginx from the official repository using the gpg key.