You’re getting this annoying error message again and again when trying to fetch certificate and/or establish a connection to your website using openssl:
139647967614624:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:
This issue is well known in several openssl versions, and a bug has been addressed for Ubuntu repositories:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228
For now, there’s a simple workaround that works to quickly fix it!
For openssl
If you’re facing it while using openssl directly, you can fix it by specifying the servername on command-line:
openssl s_client -connect www.mywebsite.com:443 -servername www.mywebsite.com
For pyOpenSSL
If you’re having this issue while using pyOpenSSL (python wrapper for OpenSSL), it can also be fixed with a quick workaround by adding the option set_tlsext_host_name() to specify the server name in your “Connection” object.
You will get something like this:
import socket from OpenSSL import SSL # REPLACE WITH YOUR OWN WEBSITE hostname = 'www.mywebsite.com' ctx = SSL.Context(SSL.TLSv1_METHOD) sock = socket.socket() ssl_sock = SSL.Connection(ctx, sock) ssl_sock.set_tlsext_host_name(hostname) ssl_sock.connect((hostname, 443)) ssl_sock.do_handshake() cert = ssl_sock.get_peer_certificate() print cert.get_subject().commonName