This site can’t provide a secure connection or SSL_ERROR_RX_RECORD_TOO_LONG

Hi everyone!

Regrettably, I get those errors (the former by Chrome and the latter by Firefox) when trying to access for the first time to my on-premises bitwarden server installation. Everything looks good during the installation, even the certificates (created by letsencrypt).

I’m kinda lost so any help, would be greatly appreciated :slight_smile:

Thank you guys in advance!

Could be an issue with your nginx configuration. Kinda hard to pinpoint without knowing what kind of installation you did, if you are using a reverse proxy to handle the requests or if you are exposing it directly etc…

One time I’ve had to deal with this issue (unrelated to bitwarden) it was the fact that my HTTPS redirects were configured poorly.

Hi Sphyrnus,

Thank you so much for your response!

I do think you’re right. Yes, I am using a reverse proxy (nginx) to handle the requests. I have sort of fixed it by using the snake-oil certificates from the package ssl-cert (Ubuntu 18.04) in the nginx server. Now I get a warning from the Chrome browser but I can access, although it’s not the same for Firefox, which doesn’t allow me to connect yet. If you could give me some basic directions about configuring the nginx, I would be really appreciated.

This issue usually involves a problem with your web browser or your site’s SSL certificate. The browser’s telling you that because it’s trying to tell you there’s a problem with the certificate the website is using for HTTPS, so “this site can’t provide a secure connection”. In all cases the end-to-end encryption is still going to work just because HTTPS can’t function without it. There is no definite guide for managing this error.

Two possible options to get rid of this issue

  1. Use Self Sign certificate
  2. Remove domain security policy:

Steps for Chrome :

  • Go to : chrome://net-internals/#hsts
  • Query HSTS/PKP domain for localhost
  • Use Delete domain security policies option to delete configuration for localhost

This error is because of the following problems:

  • Invalid SSL or SSL is untrusted (self-signed)
  • SSL Not installed properly
  • Old Technology or SSL/TLS version for encryption