Recently I was trying to move my sites to SSL – for various reasons.
The test site went fluently, while the work machine refused to serve SSL content. While testing with ‘wget’, the error I received was

GnuTLS: An unexpected TLS packet was received.

The first possible solution was to upgrade Debian to the latest available software, as ir was about a months old. Nope, did’t help much.

Let’s try the other way, as suggested by DebuggingSSLProblems Wiki:
openssl s_client -crlf -debug -connect my.precious.server:443 -status -servername my.precious.server

Blah blah bl…

140037981172992:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:

Wait. It makes no sense. Let’s regenerate self-signed certificates, restart apache and … Nope. Didn’t help either.

Hey, the differences in /etc/apache2/mods-available/ssl.conf might give a clue. Nope. The are mostly identical.

The final solution was found┬á in : the difference between the two machines was the test one had .conf files in /etc/apache2/sites-available/ , while the production one didn’t. For some reasons the files in the production box were hand-linked to /etc/apache2/sites-enabled/ . So the solution is simple: add .conf extension to every file you need in /etc/apache2/sites-available/ , edit symlinks in /etc/apache2/sites-enabled/ or use a2ensite and restart apache2. Need to say there was no difference for Apache. Up to the moment I enabled SSL.