Re-negotiation Handshake Failed

I've had some trouble troubleshooting a problem with a site. Regular browsers had no problem, and the certificate appeared fine. However, Bingbot was getting failure (503) on trying to access robots.txt. Once I allowed that to be available via http, the problem went away. Looking further I found some ideas:

  • Bingbot had a problem with SNI, specifically for the robots.txt and sitemap.xml parsing.
    • I could see Bingbot accessing pages inside the site, but not the key pages. Also, attempts on Fetch as Bingbot in Bing Webmaster yielded the same 503 error (which is a security error).
  • Finally I found the only page in the Google index which used the terms: "bingbot" "AH02261: Re-negotiation handshake failed". Multiple double-quoted phrases can be effective at the wheat/chaf problem.

Turns out there was a problem when updating the LetsEncrypt certificate that it created a new cert but did not rewrite to the ssl.conf file. I manually edited to that old one, then recreated the cert again (which it automatically shifted to the first cert/priv/chain filenames, but this time did rewrite those urls in ssl.conf).