TLS v1 enabled in nginx config but not working and certificates not available


I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to enable TLSv1 and TLSv1.1 for a site. So I've edited my NGINX config to include them:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Restarted NGINX and done a check with:

openssl s_client -host mydomain.co.uk -port 443 -tls1

which returns:

no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1537432315
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---

So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again, which returned the same response.

Any ideas? I'm not sure what I'm missing to get this working.

Edit: Full NGINX config:

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.mydomain.co.uk;
    root /home/forge/www.mydomain.co.uk/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
    ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers LONG-CIPHER-IS-HERE;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/www.mydomain.co.uk/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    access_log off;
    error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

    #error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;

ubuntu nginx ssl ssl-certificate openssl






edited Sep 21 '18 at 9:42
Jam3sn

asked Sep 21 '18 at 9:01
Jam3sn

  • Can you post your nginx config?
    – Drifter104
    Sep 21 '18 at 9:38

  • Sure, I've edited my post, obviously changed the domain and ssl_ciphers
    – Jam3sn
    Sep 21 '18 at 9:42

  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?
    – Drifter104
    Sep 21 '18 at 9:45

  • Yeah, so that returns the no peer certificate available block above
    – Jam3sn
    Sep 21 '18 at 9:47

3 Answers
As far as I know, HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540.

edited Sep 21 '18 at 13:20
Crypt32

answered Sep 21 '18 at 12:50
AHT

So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx

I used the Mozilla SSL Configuration Generator to create the correct cipher for it to work and tested it with SSL Labs.

answered Sep 21 '18 at 14:53
Jam3sn
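
An added example (not part of the original thread, and not code from nginx or Forge): a Python check for the cause named in the answer above, where ssl_protocols lists TLSv1 and TLSv1.1 but every suite in ssl_ciphers exists only from TLS 1.2 on, so a -tls1 handshake has nothing to negotiate. The two config snippets are constructed samples, the function names are made up for this example, and classifying OpenSSL suite names by their suffix is a heuristic assumption.

```python
import re

# OpenSSL suite names that exist only from TLS 1.2 on: every AEAD suite
# (GCM, CCM, CHACHA20-POLY1305) and every CBC suite with a SHA-256/SHA-384 MAC.
TLS12_ONLY = re.compile(r"(GCM|CCM|CHACHA20|POLY1305)|-SHA(256|384)$")
# Suites whose MAC is SHA-1 or MD5 date from SSLv3/TLS 1.0 and work in TLS 1.0-1.2.
LEGACY_MAC = re.compile(r"-(SHA|MD5)$")
# An explicit suite name such as ECDHE-RSA-AES128-SHA (keywords like HIGH or
# EECDH+AESGCM do not match and cannot be expanded without OpenSSL itself).
SUITE_NAME = re.compile(r"^[A-Z0-9]+(-[A-Z0-9]+)+$")


def directive(conf, name):
    """Value of the last `name ...;` directive in conf (comment lines are skipped).
    Assumption: one server block, no includes followed."""
    hits = re.findall(r"^\s*%s\s+([^;]+);" % re.escape(name), conf, re.M)
    return hits[-1].strip().strip("'\"") if hits else ""


def classify(cipher_string):
    """Sort the entries of an ssl_ciphers string by the oldest protocol they serve.
    Exclusions (!x, -x) and reordering (+x) are not evaluated; confirm the final
    list on the server with `openssl ciphers -v '<string>'`."""
    result = {"pre12": [], "tls12_only": [], "unresolved": []}
    for tok in re.split(r"[:,\s]+", cipher_string.strip()):
        if not tok or tok[0] in "!-+":
            continue
        if not SUITE_NAME.match(tok):
            result["unresolved"].append(tok)
        elif TLS12_ONLY.search(tok):
            result["tls12_only"].append(tok)
        elif LEGACY_MAC.search(tok):
            result["pre12"].append(tok)
        else:
            result["unresolved"].append(tok)
    return result


def audit(conf):
    """Return (usable suites per enabled protocol, protocols with no suite,
    cipher-string entries that could not be classified by name)."""
    protocols = directive(conf, "ssl_protocols").split()
    suites = classify(directive(conf, "ssl_ciphers"))
    report = {}
    for proto in protocols:
        if proto in ("TLSv1", "TLSv1.1"):
            report[proto] = list(suites["pre12"])
        elif proto == "TLSv1.2":
            report[proto] = suites["pre12"] + suites["tls12_only"]
    # Only call a protocol dead when every entry was classified.
    dead = [] if suites["unresolved"] else [p for p, s in report.items() if not s]
    return report, dead, suites["unresolved"]


# Constructed sample: old protocols enabled, but only TLS 1.2 suites offered.
BROKEN = """
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:!DSS';
}
"""

# Constructed sample: same protocols, with two SHA-1 CBC suites added.
WORKING = """
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!DSS';
}
"""

if __name__ == "__main__":
    for label, conf in (("BROKEN", BROKEN), ("WORKING", WORKING)):
        report, dead, unresolved = audit(conf)
        print(label)
        for proto, usable in report.items():
            print("  %-8s %d usable suite(s)" % (proto, len(usable)))
        if dead:
            print("  enabled but not negotiable:", ", ".join(dead))
        if unresolved:
            print("  check with openssl ciphers -v:", ", ".join(unresolved))
```

The same report is useful in the other direction: a protocol that shows zero usable suites is effectively disabled even though ssl_protocols still lists it.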





















You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.

For example:

http section:

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_stapling on;
resolver 8.8.8.8;

server section:

ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_tickets off;
ssl_certificate SSL_Certificate.crt;
ssl_certificate_key private.key;
add_header Strict-Transport-Security "max-age=31536000";

answered Apr 24 at 9:53
slauta93