Kayako wget OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

We are using Kayako for our support ticket system. I just updated our server from Ubuntu 12.04 to Ubuntu 14.04. We started to see a problem with some crons which automate the importing and processing of emails.

This is the error that we got:

Resolving support.oursite.com (support.oursite.com)... 127.0.1.1
Connecting to support.oursite.com (support.oursite.com)|127.0.1.1|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

There are several possible SSL problems that this could be:

1 – The destination site does not like the protocol – this could be caused by curl / wget not using a version of SSL that is compatible with the server. So you can try setting the version of SSL like so:

wget --secure-protocol=SSLv2 https://example.com
curl --sslv2 https://example.com

2 – The destination site does not like the cipher. This can be caused by a poor cipher configuration in Apache, or by anonymous ciphers being disabled on the server.

Finally – and this was my problem…

The PHP script that was making the request was located on the same server as the Kayako support ticket system. The URL for the server was something like support.randomhacks.co.uk and the hostname of the server was also support.randomhacks.co.uk. So, when looking up the DNS record for support.randomhacks.co.uk, the computer went to /etc/hosts and returned 127.0.0.1 rather than the public IP address. So, when the script tried to connect to Apache at 127.0.0.1 using HTTPS, it failed because SSL certificates are limited to one IP address only and this was the public IP address.

I hope this helps solve your problem. It would be great to hear if you have another solution.
I hope this helps someone.
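
A quick check for the situation described above, as an added example that is not part of the original post: the function scans a hosts file for loopback entries (127.0.0.0/8 or ::1) that name the site the cron job requests. The function name `hosts_loopback_match`, the sample hosts file and the 203.0.113.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: find hosts-file entries that map a site name to loopback.
# hosts_loopback_match is a hypothetical helper, not part of Kayako or wget.

# Print each loopback address in hosts file $1 that names host $2.
# Exit status is 0 if at least one entry matched, 1 otherwise.
hosts_loopback_match() {
    hosts_file=$1
    site=$2
    awk -v site="$site" '
        BEGIN { site = tolower(site); found = 0 }
        {
            sub(/#.*/, "")            # drop comments; awk re-splits the fields
            if (NF < 2) next          # blank line, or an address with no names
            addr = tolower($1)
            if (addr !~ /^127\./ && addr != "::1") next   # not loopback
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == site) { print addr; found = 1; break }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$hosts_file"
}

# Constructed sample mirroring the post: the server hostname equals the
# site name, so Ubuntu maps it to 127.0.1.1 in /etc/hosts.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1     localhost
127.0.1.1     support.oursite.com support   # constructed entry
#127.0.0.1    commented.oursite.com
203.0.113.10  www.oursite.com
EOF

if addrs=$(hosts_loopback_match "$sample" support.oursite.com); then
    echo "support.oursite.com is pinned to loopback: $addrs"
    echo "local HTTPS requests will not reach the public address"
else
    echo "no loopback entry for support.oursite.com"
fi
```

On a real server, call it as `hosts_loopback_match /etc/hosts support.oursite.com`; a match means requests made from that machine go to the loopback listener instead of the public one.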

3 thoughts to “Kayako wget OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol”

    1. Sorry. Looking back at this post, I realised the solution isn’t completely obvious from my explanation.

      You need to change the hostname of your server to something different to the website domain name.

      For example, if the server hostname is support.spoons.com and the domain name of the website is support.spoons.com then change the server hostname to support.spoonsserver.com.

      To make this change, you will need to update both /etc/hostname and /etc/hosts and then reboot.

      This means that when the local script makes a DNS request for support.spoons.com, /etc/hosts won’t return 127.0.0.1. There might be another (perhaps better) way to achieve the same effect, but this is a really simple solution that worked for me. Hope that helps.
