TLS v1 enabled in nginx config but not working and certificates not availableBlank Page: wordpress on nginx+php-fpmphpmyadmin having problems on nginx and php-fpm on RHEL 6Nginx/Apache: set HSTS only if X-Forwarded-Proto is httpsOCSP validation - unable to get local issuer certificatenginx rewrite throw 404 with last and breakNginX + WordPress + SSL + non-www + W3TC vhost config file questionsUnable to use builtin CA bundle to verify GoDaddy SHA2 SSL certificateNginx override ssl_protocols directiveNot able to disable tls 1.1 for nginx

Multi tool use
Multi tool use

Missing Piece of Pie - Can you find it?

How to display a value with zenity?

String won't reverse using reverse_copy

Expressing 'our' for objects belonging to our apartment

Purpose of のは in this sentence?

I have a unique character that I'm having a problem writing. He's a virus!

Shantae Dance Matching

Understanding trademark infringements in a world where many dictionary words are trademarks?

How I can I roll a number of non-digital dice to get a random number between 1 and 150?

Why isn't nylon as strong as kevlar?

How can I support myself financially as a 17 year old with a loan?

Can there be a single technologically advanced nation, in a continent full of non-technologically advanced nations?

Can an isometry leave entropy invariant?

Should I replace my bicycle tires if they have not been inflated in multiple years

Can a nothic's Weird Insight action discover secrets about a player character that the character doesn't know about themselves?

BOOM! Perfect Clear for Mr. T

Would glacier 'trees' be plausible?

What is the name of this hexagon/pentagon polyhedron?

Is it safe ? Is it scam or real?

What are the advantages of luxury car brands like Acura/Lexus over their sibling non-luxury brands Honda/Toyota?

Why do money exchangers give different rates to different bills?

Can you complete the sequence?

How to model the curly cable part of the phone

If stationary points and minima are equivalent, then the function is convex?



TLS v1 enabled in nginx config but not working and certificates not available


Blank Page: wordpress on nginx+php-fpmphpmyadmin having problems on nginx and php-fpm on RHEL 6Nginx/Apache: set HSTS only if X-Forwarded-Proto is httpsOCSP validation - unable to get local issuer certificatenginx rewrite throw 404 with last and breakNginX + WordPress + SSL + non-www + W3TC vhost config file questionsUnable to use builtin CA bundle to verify GoDaddy SHA2 SSL certificateNginx override ssl_protocols directiveNot able to disable tls 1.1 for nginx






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








0















I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl







share|improve this question
























  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47

















0















I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl







share|improve this question
























  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47













0












0








0








I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl







share|improve this question
















I have an Ubuntu 18.04.1 server running PHP 5.6 with Forge on Digital Ocean. I'm trying to to enable TLSv1 and TLSv1.1 for a site. So Ive edited my NGINX config to include them:



ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


Restarted NGINX and done a check with:



openssl s_client -host mydomain.co.uk -port 443 -tls1


which returns:



no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
 Protocol : TLSv1
 Cipher : 0000
 Session-ID:
 Session-ID-ctx:
 Master-Key:
 Start Time: 1537432315
 Timeout : 7200 (sec)
 Verify return code: 0 (ok)
---


So I've tried to create a new certificate with Let's Encrypt in Forge and activated it, restarted NGINX and checked again which returned the same response.



Any ideas, i'm not sure what i'm missing to get this working.



Edit: Full NGINX config:



# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/before/*;

server 
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.mydomain.co.uk;
 root /home/forge/www.mydomain.co.uk/public;

 # FORGE SSL (DO NOT REMOVE!)
 ssl_certificate /etc/nginx/ssl/www.mydomain.co.uk/414422/server.crt;
 ssl_certificate_key /etc/nginx/ssl/www.mydomain.co.uk/414422/server.key;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers LONG-CIPHER-IS-HERE;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/nginx/dhparams.pem;

 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 # FORGE CONFIG (DO NOT REMOVE!)
 include forge-conf/www.mydomain.co.uk/server/*;

 location / 
 try_files $uri $uri/ /index.php?$query_string;
 

 location = /favicon.ico access_log off; log_not_found off; 
 location = /robots.txt access_log off; log_not_found off; 

 access_log off;
 error_log /var/log/nginx/www.mydomain.co.uk-error.log error;

 #error_page 404 /index.php;

 location ~ .php$ 
 fastcgi_split_path_info ^(.+.php)(/.+)$;
 fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 

 location ~ /.(?!well-known).* 
 deny all;
 


# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.mydomain.co.uk/after/*;





ubuntu nginx ssl ssl-certificate openssl




ubuntu nginx ssl ssl-certificate openssl






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Sep 21 '18 at 9:42







Jam3sn

















asked Sep 21 '18 at 9:01









Jam3snJam3sn

1042




1042












  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47

















  • can you post your nginx config

    – Drifter104
    Sep 21 '18 at 9:38











  • Sure, i've edited my post, obviously changed the domain and ssl_ciphers

    – Jam3sn
    Sep 21 '18 at 9:42











  • Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

    – Drifter104
    Sep 21 '18 at 9:45












  • Yeah so that returns the no peer certificate available block above

    – Jam3sn
    Sep 21 '18 at 9:47
















can you post your nginx config

– Drifter104
Sep 21 '18 at 9:38





can you post your nginx config

– Drifter104
Sep 21 '18 at 9:38













Sure, i've edited my post, obviously changed the domain and ssl_ciphers

– Jam3sn
Sep 21 '18 at 9:42





Sure, i've edited my post, obviously changed the domain and ssl_ciphers

– Jam3sn
Sep 21 '18 at 9:42













Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

– Drifter104
Sep 21 '18 at 9:45






Try openssl s_client -host www.mydomain.co.uk -port 443 -tls1 what do you get back?

– Drifter104
Sep 21 '18 at 9:45














Yeah so that returns the no peer certificate available block above

– Jam3sn
Sep 21 '18 at 9:47





Yeah so that returns the no peer certificate available block above

– Jam3sn
Sep 21 '18 at 9:47










3 Answers
3






active

oldest

votes


















2














As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






share|improve this answer
































    0














    So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



    I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






    share|improve this answer






























      0














      You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



      For example:



      http section:



      ssl_session_cache shared:SSL:10m;
      ssl_session_timeout 5m;
      ssl_prefer_server_ciphers on;
      ssl_stapling on;
      resolver 8.8.8.8;


      server section:



      ssl_protocols TLSv1.2;
      ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
      ssl_prefer_server_ciphers on;
      ssl_session_timeout 5m;
      ssl_session_tickets off;
      ssl_certificate SSL_Certificate.crt;
      ssl_certificate_key private.key;
      add_header Strict-Transport-Security "max-age=31536000";





      share|improve this answer























        Your Answer








        StackExchange.ready(function()
        var channelOptions =
        tags: "".split(" "),
        id: "2"
        ;
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function()
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled)
        StackExchange.using("snippets", function()
        createEditor();
        );

        else
        createEditor();

        );

        function createEditor()
        StackExchange.prepareEditor(
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: true,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: 10,
        bindNavPrevention: true,
        postfix: "",
        imageUploader:
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        ,
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        );



        );













        draft saved

        draft discarded


















        StackExchange.ready(
        function ()
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f932008%2ftls-v1-enabled-in-nginx-config-but-not-working-and-certificates-not-available%23new-answer', 'question_page');

        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        2














        As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






        share|improve this answer





























          2














          As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






          share|improve this answer



























            2












            2








            2







            As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540






            share|improve this answer















            As far as I know HTTP/2 uses only TLS1.2 and above. You can find more information in the relevant RFC 7540







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Sep 21 '18 at 13:20









            Crypt32

            3,6071925




            3,6071925










            answered Sep 21 '18 at 12:50









            AHTAHT

            4616




            4616























                0














                So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






                share|improve this answer



























                  0














                  So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                  I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






                  share|improve this answer

























                    0












                    0








                    0







                    So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                    I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs






                    share|improve this answer













                    So it was due to the ciphers being used. See the answer here: https://stackoverflow.com/questions/47953440/how-to-enable-back-tlsv1-and-tlsv1-1-on-nginx



                    I used the Mozilla SSL Configuration Generator to create the correct cipher for it work and tested it with SSL Labs







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Sep 21 '18 at 14:53









                    Jam3snJam3sn

                    1042




                    1042





















                        0














                        You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                        For example:



                        http section:



                        ssl_session_cache shared:SSL:10m;
                        ssl_session_timeout 5m;
                        ssl_prefer_server_ciphers on;
                        ssl_stapling on;
                        resolver 8.8.8.8;


                        server section:



                        ssl_protocols TLSv1.2;
                        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                        ssl_prefer_server_ciphers on;
                        ssl_session_timeout 5m;
                        ssl_session_tickets off;
                        ssl_certificate SSL_Certificate.crt;
                        ssl_certificate_key private.key;
                        add_header Strict-Transport-Security "max-age=31536000";





                        share|improve this answer



























                          0














                          You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                          For example:



                          http section:



                          ssl_session_cache shared:SSL:10m;
                          ssl_session_timeout 5m;
                          ssl_prefer_server_ciphers on;
                          ssl_stapling on;
                          resolver 8.8.8.8;


                          server section:



                          ssl_protocols TLSv1.2;
                          ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                          ssl_prefer_server_ciphers on;
                          ssl_session_timeout 5m;
                          ssl_session_tickets off;
                          ssl_certificate SSL_Certificate.crt;
                          ssl_certificate_key private.key;
                          add_header Strict-Transport-Security "max-age=31536000";





                          share|improve this answer

























                            0












                            0








                            0







                            You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                            For example:



                            http section:



                            ssl_session_cache shared:SSL:10m;
                            ssl_session_timeout 5m;
                            ssl_prefer_server_ciphers on;
                            ssl_stapling on;
                            resolver 8.8.8.8;


                            server section:



                            ssl_protocols TLSv1.2;
                            ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                            ssl_prefer_server_ciphers on;
                            ssl_session_timeout 5m;
                            ssl_session_tickets off;
                            ssl_certificate SSL_Certificate.crt;
                            ssl_certificate_key private.key;
                            add_header Strict-Transport-Security "max-age=31536000";





                            share|improve this answer













                            You must configure the server to work with the TLS1.2 protocol on all virtual hosts of your nginx.



                            For example:



                            http section:



                            ssl_session_cache shared:SSL:10m;
                            ssl_session_timeout 5m;
                            ssl_prefer_server_ciphers on;
                            ssl_stapling on;
                            resolver 8.8.8.8;


                            server section:



                            ssl_protocols TLSv1.2;
                            ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
                            ssl_prefer_server_ciphers on;
                            ssl_session_timeout 5m;
                            ssl_session_tickets off;
                            ssl_certificate SSL_Certificate.crt;
                            ssl_certificate_key private.key;
                            add_header Strict-Transport-Security "max-age=31536000";






                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered Apr 24 at 9:53









                            slauta93slauta93

                            12




                            12



























                                draft saved

                                draft discarded
















































                                Thanks for contributing an answer to Server Fault!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid


                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.

                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function ()
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f932008%2ftls-v1-enabled-in-nginx-config-but-not-working-and-certificates-not-available%23new-answer', 'question_page');

                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                KT3Pgq3 G8 C,MFsblCQyhiiIc7U
                                -
                                loRpqWjGm1MajLc8HuvzdT4K8hsxsTw TKNlxpF2QA FJrN1spbtCTN4w4smH C Z Tn,cTI,2mskqS VDOb1GPE,sncSzMaFte

                                Popular posts from this blog

                                RemoteApp sporadic failureWindows 2008 RemoteAPP client disconnects within a matter of minutesWhat is the minimum version of RDP supported by Server 2012 RDS?How to configure a Remoteapp server to increase stabilityMicrosoft RemoteApp Active SessionRDWeb TS connection broken for some users post RemoteApp certificate changeRemote Desktop Licensing, RemoteAPPRDS 2012 R2 some users are not able to logon after changed date and time on Connection BrokersWhat happens during Remote Desktop logon, and is there any logging?After installing RDS on WinServer 2016 I still can only connect with two users?RD Connection via RDGW to Session host is not connecting

                                Image
                                Can I use my laptop, which says 100-240V, in the USA? Definition of Newton's first law Why did the ICC decide not to probe alleged US atrocities in Afghanistan? Is there ever any indication in the MCU as to how Spider-Man got his powers? Should pressure only be applied at the top of a pastry bag? How did Thanos not realise this had happened at the end of Endgame? On studying Computer Science vs. Software Engineering to become a proficient coder Why does the Earth follow an elliptical trajectory rather than a parabolic one? What's the word for the soldier salute? Why not just directly invest in the holdings of an ETF? Can a tourist shoot a gun in the USA? Why in a Ethernet LAN, a packet sniffer can obtain all packets sent over the LAN? What is Plautus’s pun about frustum and frustrum? Extrude the faces of a cube symmetrically along XYZ Why does my circuit work on a breadboard, but not on a perfboard? I am new to soldering How do I tell my supervisor...
                                Read more

                                Vilaño, A Laracha Índice Patrimonio | Lugares e parroquias | Véxase tamén | Menú de navegación43°14′52″N 8°36′03″O / 43.24775, -8.60070

                                Image
                                Parroquias da LarachaParroquias de Galicia baixo a advocación de Santiago o Maior coruñésLarachacomarca de BergantiñosIGE20131999castro de Montesclarospoboado castrexoidade de ferroromanización de Galiciamiliariopazo de Montesclarosséculo XIXAmboadeA AreosaA BarreiraBos AiresA BoticaAs Brañas da ViñaAs BrañasBusteloOs CanedosFerreirosAs FervenzasA Fonte da CanleO FormigueiroFornelosA FragaFragundeGravidoA LamelaMarfuloOs MeánsMontes ClarosA PanelaO PazoQuintánsRibelaSamiroO SeixoA TelleiraVilañoVilanovaA ViñaVista AlegreCabovilaño (San Román)Caión (Santa María do Socorro)Coiro (San Xián)Erboedo (Santa María)Golmar (San Bieito)Lemaio (Santa Mariña)Lendo (San Xián)Lestón (San Martiño)Montemaior (Santa María Madanela)Soandres (San Pedro)Soutullo (Santa María)Torás (Santa María)Vilaño (Santiago) Vilaño, A Laracha Na Galipedia, a Wi...
                                Read more

                                Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020

                                Image
                                OftalmoloxíaDiscapacidade sentidovistaNorteaméricaEuropaollopaíses en vías de desenvolvementopaíses desenvolvidos2014Organización Mundial da SaúdeGaliciaretinopatía diabéticaglaucomaresto visualagudeza visualcampo visualterapia xénicaretinavirus do arrefriado comúncanadestradoséculo XIXLouis Brailleteclado brailleescáneresrecoñecemento óptico de caractereslectores de pantallacorsinestesiafrauta doceamareloclarineteazultamboresvermellopianoverdeSistema Constanzsemáforocans guíaBrailletactosoftwaretactoeuroAvuiséculo XXUnión SoviéticaFranciaItaliaInglaterraNataciónatletismociclismojudoesquífútbol salamontañismoxadrezgoalballsociedademúsicosindixentesprofetassabiosoídotactomúsicarisatactooídolinguaxePiaget (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u0...
                                Read more