TLS v1 enabled in nginx config but not working and certificates not availableBlank Page: wordpress on nginx+php-fpmphpmyadmin having problems on nginx and php-fpm on RHEL 6Nginx/Apache: set HSTS only if X-Forwarded-Proto is httpsOCSP validation - unable to get local issuer certificatenginx rewrite throw 404 with last and breakNginX + WordPress + SSL + non-www + W3TC vhost config file questionsUnable to use builtin CA bundle to verify GoDaddy SHA2 SSL certificateNginx override ssl_protocols directiveNot able to disable tls 1.1 for nginx

Missing Piece of Pie - Can you find it?

How to display a value with zenity?

String won't reverse using reverse_copy

Expressing 'our' for objects belonging to our apartment

Purpose of のは in this sentence?

I have a unique character that I'm having a problem writing. He's a virus!

Shantae Dance Matching

Understanding trademark infringements in a world where many dictionary words are trademarks?

How I can I roll a number of non-digital dice to get a random number between 1 and 150?

Why isn't nylon as strong as kevlar?

How can I support myself financially as a 17 year old with a loan?

Can there be a single technologically advanced nation, in a continent full of non-technologically advanced nations?

Can an isometry leave entropy invariant?

Should I replace my bicycle tires if they have not been inflated in multiple years

Can a nothic's Weird Insight action discover secrets about a player character that the character doesn't know about themselves?

BOOM! Perfect Clear for Mr. T

Would glacier 'trees' be plausible?

What is the name of this hexagon/pentagon polyhedron?

Is it safe ? Is it scam or real?

What are the advantages of luxury car brands like Acura/Lexus over their sibling non-luxury brands Honda/Toyota?

Why do money exchangers give different rates to different bills?

Can you complete the sequence?

How to model the curly cable part of the phone

If stationary points and minima are equivalent, then the function is convex?



TLS v1 enabled in nginx config but not working and certificates not available


Blank Page: wordpress on nginx+php-fpmphpmyadmin having problems on nginx and php-fpm on RHEL 6Nginx/Apache: set HSTS only if X-Forwarded-Proto is httpsOCSP validation - unable to get local issuer certificatenginx rewrite throw 404 with last and breakNginX + WordPress + SSL + non-www + W3TC vhost config file questionsUnable to use builtin CA bundle to verify GoDaddy SHA2 SSL certificateNginx override ssl_protocols directiveNot able to disable tls 1.1 for nginx






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








0















I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl







share|improve this question
























  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47

















0















I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl







share|improve this question
























  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47













0












0








0








I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl







share|improve this question
















I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl




ubuntu nginx ssl ssl-certificate openssl






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Sep 21 '18 at 9:42







Jam3sn

















asked Sep 21 '18 at 9:01









Jam3snJam3sn

1042




1042












  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47

















  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47
















can you post your nginx config

– Drifter104
Sep 21 '18 at 9:38





can you post your nginx config

– Drifter104
Sep 21 '18 at 9:38













Sure, i've edited my post, obviously changed the domain and ssl_ciphers

– Jam3sn
Sep 21 '18 at 9:42





Sure, i've edited my post, obviously changed the domain and ssl_ciphers

– Jam3sn
Sep 21 '18 at 9:42













Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

– Drifter104
Sep 21 '18 at 9:45






Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

– Drifter104
Sep 21 '18 at 9:45














Yeah so that returns the no peer certificate available block above

– Jam3sn
Sep 21 '18 at 9:47





Yeah so that returns the no peer certificate available block above

– Jam3sn
Sep 21 '18 at 9:47










3 Answers
3






active

oldest

votes


















2














As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






share|improve this answer
































    0














    So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



    I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






    share|improve this answer






























      0














      You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



      For example:



      http section:



      ssl_session_cache shared:SSL:10m;
      ssl_session_timeout 5m;
      ssl_prefer_server_ciphers on;
      ssl_stapling on;
      resolver 8.8.8.8;


      server section:



      ssl_protocols TLSv1.2;
      ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
      ssl_prefer_server_ciphers on;
      ssl_session_timeout 5m;
      ssl_session_tickets off;
      ssl_certificate SSL_Certificate.crt;
      ssl_certificate_key private.key;
      add_header Strict-Transport-Security "max-age=31536000";





      share|improve this answer























        Your Answer








        StackExchange.ready(function()
        var channelOptions =
        tags: "".split(" "),
        id: "2"
        ;
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function()
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled)
        StackExchange.using("snippets", function()
        createEditor();
        );

        else
        createEditor();

        );

        function createEditor()
        StackExchange.prepareEditor(
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: true,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: 10,
        bindNavPrevention: true,
        postfix: "",
        imageUploader:
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        ,
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        );



        );













        draft saved

        draft discarded


















        StackExchange.ready(
        function ()
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f932008%2ftls-v1-enabled-in-nginx-config-but-not-working-and-certificates-not-available%23new-answer', 'question_page');

        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        2














        As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






        share|improve this answer





























          2














          As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






          share|improve this answer



























            2












            2








            2







            As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






            share|improve this answer















            As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Sep 21 '18 at 13:20









            Crypt32

            3,6071925




            3,6071925










            answered Sep 21 '18 at 12:50









            AHTAHT

            4616




            4616























                0














                So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






                share|improve this answer



























                  0














                  So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                  I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






                  share|improve this answer

























                    0












                    0








                    0







                    So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                    I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






                    share|improve this answer













                    So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                    I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Sep 21 '18 at 14:53









                    Jam3snJam3sn

                    1042




                    1042





















                        0














                        You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                        For example:



                        http section:



                        ssl_session_cache shared:SSL:10m;
                        ssl_session_timeout 5m;
                        ssl_prefer_server_ciphers on;
                        ssl_stapling on;
                        resolver 8.8.8.8;


                        server section:



                        ssl_protocols TLSv1.2;
                        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                        ssl_prefer_server_ciphers on;
                        ssl_session_timeout 5m;
                        ssl_session_tickets off;
                        ssl_certificate SSL_Certificate.crt;
                        ssl_certificate_key private.key;
                        add_header Strict-Transport-Security "max-age=31536000";





                        share|improve this answer



























                          0














                          You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                          For example:



                          http section:



                          ssl_session_cache shared:SSL:10m;
                          ssl_session_timeout 5m;
                          ssl_prefer_server_ciphers on;
                          ssl_stapling on;
                          resolver 8.8.8.8;


                          server section:



                          ssl_protocols TLSv1.2;
                          ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                          ssl_prefer_server_ciphers on;
                          ssl_session_timeout 5m;
                          ssl_session_tickets off;
                          ssl_certificate SSL_Certificate.crt;
                          ssl_certificate_key private.key;
                          add_header Strict-Transport-Security "max-age=31536000";





                          share|improve this answer

























                            0












                            0








                            0







                            You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                            For example:



                            http section:



                            ssl_session_cache shared:SSL:10m;
                            ssl_session_timeout 5m;
                            ssl_prefer_server_ciphers on;
                            ssl_stapling on;
                            resolver 8.8.8.8;


                            server section:



                            ssl_protocols TLSv1.2;
                            ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                            ssl_prefer_server_ciphers on;
                            ssl_session_timeout 5m;
                            ssl_session_tickets off;
                            ssl_certificate SSL_Certificate.crt;
                            ssl_certificate_key private.key;
                            add_header Strict-Transport-Security "max-age=31536000";





                            share|improve this answer













                            You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                            For example:



                            http section:



                            ssl_session_cache shared:SSL:10m;
                            ssl_session_timeout 5m;
                            ssl_prefer_server_ciphers on;
                            ssl_stapling on;
                            resolver 8.8.8.8;


                            server section:



                            ssl_protocols TLSv1.2;
                            ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                            ssl_prefer_server_ciphers on;
                            ssl_session_timeout 5m;
                            ssl_session_tickets off;
                            ssl_certificate SSL_Certificate.crt;
                            ssl_certificate_key private.key;
                            add_header Strict-Transport-Security "max-age=31536000";






                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Apr 24 at 9:53









                            slauta93slauta93

                            12




                            12



























                                draft saved

                                draft discarded
















































                                Thanks for contributing an answer to Server Fault!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid


                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.

                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function ()
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f932008%2ftls-v1-enabled-in-nginx-config-but-not-working-and-certificates-not-available%23new-answer', 'question_page');

                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                -

                                Popular posts from this blog

                                Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

                                Image
                                Barça LassaBAXI ManresaCafés Candelas BreogánDelteco GBCDivina Seguros JoventutHerbalife Gran CanariaIberostar TenerifeKirolbet BaskoniaMonbus ObradoiroMontakit FuenlabradaMoraBanc AndorraMovistar EstudiantesReal MadridSan Pablo BurgosTecnyconta ZaragozaUCAM MurciaUnicajaValencia Basket Club Baloncesto Breogán baloncestoLugoGalicia1966JuanJosé Ramón Varela Portasmáxima categoría1970competicións europeasLiga ACBPavillón MunicipalPazo dos DeportesJesús Lázareliga EBAClub Estudiantes1965Lugobaloncestosegunda divisiónJosé RamónJuan Varela-Portas y Pardo1966Celestino Fernández de la Vega196869primeira divisiónZaragozaprimeira divisiónReal MadridJoventutEstudiantes19701971máxima categoría estatal11 de outubro1970Palacio dos DeportesLugoTenerifeMadridReal MadridAlfredo PérezBreogán19711972TenerifeMadridvascocatalánAlfredo PérezespañolMadridLugoManresa La Casera19741975As...
                                Read more

                                Vilaño, A Laracha Índice Patrimonio | Lugares e parroquias | Véxase tamén | Menú de navegación43°14′52″N 8°36′03″O / 43.24775, -8.60070

                                Image
                                Parroquias da LarachaParroquias de Galicia baixo a advocación de Santiago o Maior coruñésLarachacomarca de BergantiñosIGE20131999castro de Montesclarospoboado castrexoidade de ferroromanización de Galiciamiliariopazo de Montesclarosséculo XIXAmboadeA AreosaA BarreiraBos AiresA BoticaAs Brañas da ViñaAs BrañasBusteloOs CanedosFerreirosAs FervenzasA Fonte da CanleO FormigueiroFornelosA FragaFragundeGravidoA LamelaMarfuloOs MeánsMontes ClarosA PanelaO PazoQuintánsRibelaSamiroO SeixoA TelleiraVilañoVilanovaA ViñaVista AlegreCabovilaño (San Román)Caión (Santa María do Socorro)Coiro (San Xián)Erboedo (Santa María)Golmar (San Bieito)Lemaio (Santa Mariña)Lendo (San Xián)Lestón (San Martiño)Montemaior (Santa María Madanela)Soandres (San Pedro)Soutullo (Santa María)Torás (Santa María)Vilaño (Santiago) Vilaño, A Laracha Na Galipedia, a Wi...
                                Read more

                                Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020

                                Image
                                OftalmoloxíaDiscapacidade sentidovistaNorteaméricaEuropaollopaíses en vías de desenvolvementopaíses desenvolvidos2014Organización Mundial da SaúdeGaliciaretinopatía diabéticaglaucomaresto visualagudeza visualcampo visualterapia xénicaretinavirus do arrefriado comúncanadestradoséculo XIXLouis Brailleteclado brailleescáneresrecoñecemento óptico de caractereslectores de pantallacorsinestesiafrauta doceamareloclarineteazultamboresvermellopianoverdeSistema Constanzsemáforocans guíaBrailletactosoftwaretactoeuroAvuiséculo XXUnión SoviéticaFranciaItaliaInglaterraNataciónatletismociclismojudoesquífútbol salamontañismoxadrezgoalballsociedademúsicosindixentesprofetassabiosoídotactomúsicarisatactooídolinguaxePiaget (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u0...
                                Read more