Level 8
Are you running TLS v1.3? You should be running TLS v1.3. What does /etc/letsencrypt/options-ssl-nginx.conf look like?
Jun 13, 2018
7
Level 21
Let's Encrypt ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Digital Ocean
Ubuntu 16.04.04 LTS NGINX 1.14.0 MYSQL 8.0+ PHP 7.2+
I have 2 domains
1. test.domain.com
2. admin.test.domain.com
my test.domain.com is working fine after creating a certification but admin.test.domain.com is not.
Have anyone encountered this before after newly creating a certification?
here is my server block in NGINX
test.domain.com IS WORKING FINE.
server {
root "/var/www/beta/latest/public";
server_name test.domain.com;
index index.php;
access_log /var/log/nginx/beta_access_log;
error_log /var/log/nginx/beta_error_log;
client_max_body_size 2M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/test.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = test.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name test.domain.com;
return 404; # managed by Certbot
}
Here is for admin.test.domain.com is not working
**NOTE HTTP is working fine. HTTPS is not.
This site can’t provide a secure connection
admin.test.domain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
server {
root "/var/www/beta/latest/public";
server_name admin.test.domain.com;
index index.php;
access_log /var/log/nginx/admin.test_access_log;
error_log /var/log/nginx/admin.test_error_log;
client_max_body_size 2M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
# managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/admin.test.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/admin.test.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = admin.test.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name admin.test.domain.com;
listen 80;
return 404; # managed by Certbot
}
removing the SSL Cert and returning to HTTP is working fine.
Level 67
How long ago did you create the dns for admin.test.domain.com? If it was really recent, it might not have propagated to letsencrypt yet. I've had to wait for it before, so that's why I'm mentioning it.
Level 21
@NickVahalik it's not enabled
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
I will enable TLSv1.3 and try again.
@Cronix the HTTP is working fine. but HTTPS is not.
it's working fine in test.domain.com it's not in admin.test.domain.com
Level 21
@NickVahalik still no luck
I created another test sub domain it's working fine with a new cert. I wonder whats causing this error.
Level 21
@NickVahalik @Cronix I found out the problem what's causing the HTTPS error. Cloudflare's DNS, I disabled it and everything worked.
Level 8
Glad to hear @skeith22 !
1 like
Level 21
@NickVahalik it's just weird cause my other sub domains are working with encryption enabled. but anyways thanks for helping :D
Please or to participate in this conversation.