[squid-users] FATAL: Unable to open HTTPS Socket

[Oliver Webb]

TLDR Skip to ----------

I have squid 3.5.7 installed on linux with the following configure options:

 '--build=arm-linux-gnueabihf' '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/usr/lib/squid' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-default-user=proxy' '--with-logdir=/var/log' '--with-pidfile=/var/run/squid.pid' '--enable-ssl' '--with-openssl' '--enable-ssl-crtd' '--enable-delay-pools' '--enable-external-acl-helpers=session' 'build_alias=arm-linux-gnueabihf'

I have the following ports assigned in squid.conf:

http_port 3129
http_port 3128 intercept
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem

I also have IPTables redirecting port 443 traffic to port 3130 and port 80 traffic to 3128

For port 80 HTTP traffic the proxy works fine pages load except blocked ones which the proxy successfully replaces which blocked message

Port 443 HTTPS traffic is successfully bumped by squid and the certificate is replaced with the dynamically generated one.
----------
HOWEVER
The page squid serves over the browser-squid tunnel is the ERR_DNS_FAIL error page with the %H hostname template code evaluated to 'http' (without quotes)

Also in the cache.log the following message appears after every HTTPS request
FATAL: Unable to open HTTPS Socket
Nothing else is using the 3130 port as when I stop squid I am able to run a web server off this port (no it *definitely* isn't the web server using the port I just started it as a test)

I have no clue what is wrong. Please Help!! Thank you!