Edx-studio stops working after custom domain

Keywords: OpenEdX - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: b8dccf49-145e-1212-b38b-f54a9b44f865

bndiagnostic output:

? Apache: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/

bndiagnostic failure reason: The tool could not find any issue

Description:
I’ve tried all possible combinations and possibles fix from another posts. But as soon as I create a new edx instance from the marketplace in AWS, I assign a subdomain to that public IP, and only do 2 things in the instance: remove the banner and run sudo /opt/bitnami/bncert-tool specifying the domain to be used.

When I do this, the main site keeps working but if I try to go to domain/edx-studio redirects to domain:18010 with the following error:

This site can’t provide a secure connection sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

I know the redirect is correct, but it should load the page to allow login and administration. I did check the login in both main site and edx-studio before the custom domain and both worked.

Hi @jp.urzua.t,

Thanks for using Bitnami. I did a test for connecting to your /edx-studio url and it worked fine for me. Did you managed to fix your issue?

$ curl -LI "co***es.coach***edu.com/edx-studio"
HTTP/1.1 302 Found
Date: Thu, 22 Jul 2021 10:09:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://co***es.coach***edu.com/edx-studio
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Thu, 22 Jul 2021 10:09:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: http://co***es.coach***edu.com:18010/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Thu, 22 Jul 2021 10:09:55 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 12916
X-Frame-Options: DENY
Vary: Accept-Language,Cookie,Origin,Accept-Encoding
Content-Language: en
Set-Cookie: csrftoken=XBkQ7XZAGXx6tnTyZwGgRm94qokFDXyTNLWueKHg7j38OBFA8ggmFpgXJQCTIFeZ; expires=Thu, 21 Jul 2022 10:10:02 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Content-Type: text/html; charset=utf-8

I was talking a look, and you are right through cURL it works fine because it’s not forcing HTTPS, if you cURL with https you get an error:

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

which is similar to what happens in the browser (Chrome). If I try this in firefox (which allows you to do less secure things) page does load, but when I login, it redirects to regular user dashboard, not studio dashboard (my guess https redrection).

This leads me to the following concerns:
-Shouldn’t the system support full https on all ends?
-What should be the recommended configuration?

Hi @jp.urzua.t,

I got redirected to HTTPS in the output I shared in my previous message. I’m not getting any error when using curl with HTTPS, either to the /edx-studio URI or the homepage

$ curl -LI "https://co***es.coach***edu.com/edx-studio"
HTTP/1.1 302 Found
Date: Thu, 22 Jul 2021 13:48:18 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: http://co***es.coach***edu.com:18010/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Thu, 22 Jul 2021 13:48:18 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 12916
X-Frame-Options: DENY
Vary: Accept-Language,Cookie,Origin,Accept-Encoding
Content-Language: en
Set-Cookie: csrftoken=2JwUIJ8YcCPZDUUsl8iCUe1Dfr9hocNCQ0nO885LQJzZl9N3fM3vPe9iDN4WSm2U; expires=Thu, 21 Jul 2022 13:48:18 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Content-Type: text/html; charset=utf-8

And for the main webpage

$ curl -LI "https://co***es.coach***edu.com"
HTTP/1.1 200 OK
Date: Thu, 22 Jul 2021 13:48:30 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 10440
Vary: Cookie,Accept-Language,Origin,Accept-Encoding
X-Frame-Options: DENY
Content-Language: en
Set-Cookie: csrftoken=Myf42mEnj93HZOv1QqBYLtr91pw2JquU4r9tZTrZN7eRH96NppCBLFKscJ5S8UdF; expires=Thu, 21 Jul 2022 13:48:30 GMT; Max-Age=31449600; Path=/; SameSite=None; Secure
Set-Cookie: sessionid=1|f6k1un6b3djn52jeja0qzuu0klfl8oxw|cc0MY8MfgPWg|ImMyYzdjMTY3NDEyODdkYTAyYmFkMTQ5OWNlNTJjZGFiZGQwMmEwODBhNTRiODlhZDJlYTEwMzBiYTcxOWVlNmEi:1m6Z3u:73YYkxRLLhalxcJOok0dUFAjusw; expires=Thu, 05 Aug 2021 13:48:30 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=None; Secure
Content-Type: text/html; charset=utf-8

Can you tell us against which URL are you running curl? Which is the whole output you get?

Hi @jp.urzua.t,

About the issue you found, are you behind a firewall?

https://stackoverflow.com/questions/50840101/curl-35-error1408f10bssl-routinesssl3-get-recordwrong-version-number/50842202

Shouldn’t the system support full https on all ends?

I can’t reproduce any HTTPS issue with your website, even from the browser it works fine for me, and the certificate is valid

No, I’m not behind a firewall. The issue is not with the main site but the edx-studio. If you notice in your courl, it redirected to HTTP. Can you try accessing the https://co*****.com:18010/, both browerses (chrome and firefox) fails. HTTP only works in firefox, and if I login, it goes to regular user login.
Honestly, I don’t know what combination of settings I required in order to access https boths sites.

I was able to fix it! in httpd-vhosts.conf the virtual host for *:18010 didn’t had the SSLEngine ON and cert file and key lines. I add it manually and it worked.

How I added the cert to the installation was through the bncert tool, so maybe it is missing the functionality to add the SSL rules in other ports besides the 443. In this case the edx-studio one

Hi @jp.urzua.t,

Thanks for the info. I’m glad you fixed your issue! We will close this thread as solved. Please do not hesitate to open a new one with any other questions you may have.