CDLUC3 / ezid

HTTP/2 broken on stage 2. #51

Closed datadavev closed 3 years ago

datadavev commented 3 years ago

for example:

curl -v "https://ezid-stg.cdlib.org/status"                                                                             [11:53:44]
*   Trying 44.231.82.25...
* TCP_NODELAY set
* Connected to ezid-stg.cdlib.org (44.231.82.25) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=ezid-stg.cdlib.org
*  start date: Aug 26 00:00:00 2020 GMT
*  expire date: Sep 25 12:00:00 2021 GMT
*  subjectAltName: host "ezid-stg.cdlib.org" matched cert's "ezid-stg.cdlib.org"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f971580c400)
> GET /status HTTP/2
> Host: ezid-stg.cdlib.org
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2,h2c]
* HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
* stopped the pause stream!
* Connection #0 to host ezid-stg.cdlib.org left intact
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Closing connection 0

versus dev:

curl -v "https://uc3-ezidx2-dev.cdlib.org/status"                                                                       [11:56:07]
*   Trying 35.164.191.193...
* TCP_NODELAY set
* Connected to uc3-ezidx2-dev.cdlib.org (35.164.191.193) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; postalCode=94607; ST=California; L=Oakland; street=1111 Franklin Street; O=Regents of the University of California; OU=CDL; CN=uc3-ezidx2-dev.cdlib.org
*  start date: Jun  4 00:00:00 2020 GMT
*  expire date: Jun  4 23:59:59 2022 GMT
*  subjectAltName: host "uc3-ezidx2-dev.cdlib.org" matched cert's "uc3-ezidx2-dev.cdlib.org"
*  issuer: C=US; ST=MI; L=Ann Arbor; O=Internet2; OU=InCommon; CN=InCommon RSA Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fc98280f600)
> GET /status HTTP/2
> Host: uc3-ezidx2-dev.cdlib.org
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< date: Tue, 29 Sep 2020 15:56:40 GMT
< server: Apache/2.4.46 () OpenSSL/1.0.2k-fips mod_wsgi/4.7.1 Python/2.7
< content-length: 19
< vary: Accept-Language,Cookie
< content-language: en
< content-type: text/plain; charset=UTF-8
<
* Connection #0 to host uc3-ezidx2-dev.cdlib.org left intact
success: EZID is up* Closing connection 0

datadavev commented 3 years ago

This is probably a load balancer issue.
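
The stage trace above ends with curl's HTTP/2 layer rejecting an `upgrade` response header, which is one of the connection-specific fields that RFC 7540 section 8.1.2.2 forbids in HTTP/2 messages. As an added example (not part of this issue or of the EZID code base), the script below scans a `curl -v` trace for that rejection and classifies the header; the names `diagnose` and `CONNECTION_SPECIFIC` are hypothetical, and the sample lines are trimmed copies of the two traces above.

```python
import re

# Connection-specific header fields that RFC 7540 section 8.1.2.2 says must not
# appear in an HTTP/2 message (TE is allowed only with the value "trailers").
CONNECTION_SPECIFIC = {"connection", "keep-alive", "proxy-connection",
                       "transfer-encoding", "upgrade"}

ALPN_RE = re.compile(r"^\* ALPN, server accepted to use (\S+)")
STATUS_RE = re.compile(r"^< HTTP/2 (\d{3})")
BAD_HEADER_RE = re.compile(
    r"^\* http2 error: Invalid HTTP header field was received: "
    r"frame type: (\d+), stream: (\d+), name: \[([^\]]*)\], value: \[([^\]]*)\]")


def diagnose(trace: str) -> dict:
    """Summarise one `curl -v` trace: ALPN result, HTTP status, rejected header."""
    result = {"alpn": None, "status": None, "rejected": None,
              "verdict": "no response seen"}
    for line in trace.splitlines():
        line = line.strip()
        if m := ALPN_RE.match(line):
            result["alpn"] = m.group(1)
        elif m := STATUS_RE.match(line):
            result["status"] = int(m.group(1))
            result["verdict"] = "ok"
        elif m := BAD_HEADER_RE.match(line):
            name, value = m.group(3).lower(), m.group(4)
            forbidden = name in CONNECTION_SPECIFIC or (
                name == "te" and value.strip().lower() != "trailers")
            result["rejected"] = {"stream": int(m.group(2)), "name": name,
                                  "value": value, "connection_specific": forbidden}
            result["verdict"] = ("connection-specific header sent over h2"
                                 if forbidden else "malformed header sent over h2")
    return result


# Trimmed copies of the stage and dev traces shown in this issue.
STAGE = """
* ALPN, server accepted to use h2
* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2,h2c]
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
"""
DEV = """
* ALPN, server accepted to use h2
< HTTP/2 200
< server: Apache/2.4.46 () OpenSSL/1.0.2k-fips mod_wsgi/4.7.1 Python/2.7
"""

if __name__ == "__main__":
    for label, trace in (("stage", STAGE), ("dev", DEV)):
        print(label, diagnose(trace))
```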