Hi.
My domain is:
https://www2.osiosloukasmonastery.gr/
And
I ran this command:
sudo certbot --staple-ocsp --must-staple certonly --manual --preferred-challenges=dns -d 'osiosloukasmonastery.gr' -d '*.osiosloukasmonastery.gr' --manual-auth-hook '/root/bin/certbot_stuff/auth-hook_4All.tcsh add CERTBOT_VALIDATION' --manual-cleanup-hook '/root/bin/certbot_stuff/auth-hook_4All.tcsh remove CERTBOT_VALIDATION'
It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/osiosloukasmonastery.gr/fullchain.pem
Key is saved at: /etc/letsencrypt/live/osiosloukasmonastery.gr/privkey.pem
This certificate expires on 2024-10-08.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
My web server is (include version):
apache 2.4.56
The operating system my web server runs on is (include version):
apple mac mini m1 (2020)
sonoma 14.1.1
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0
SSLlabs reports that TLS v1.3 is not enabled.
https://www.ssllabs.com/ssltest/analyze.html?d=www2.osiosloukasmonastery.gr&hideResults=on
Any idea? Do I really need it?
The command "openssl ciphers" gives:
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA
And "openssl version"
OpenSSL 1.1.1k FIPS 25 Mar 2021
And in httpd-ssl.conf I used:
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLProtocol all -SSLv3
Thanks in advance
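
An added example, not part of the original post: a small linter for the two mod_ssl directives quoted above. It evaluates `SSLProtocol` left to right and flags TLS 1.3 suite names placed in the default `SSLCipherSuite` list, since mod_ssl takes TLS 1.3 suites through the separate `SSLCipherSuite TLSv1.3 ...` form. The function names, finding codes and shortened sample are constructed for illustration, and the code assumes a mod_ssl built against OpenSSL 1.1.1 or later, where `all` includes TLSv1.3.

```python
import re

# TLS 1.3 suite names as OpenSSL spells them (RFC 8446).
TLS13_SUITES = {
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
}
# Assumption: mod_ssl built against OpenSSL 1.1.1+, so "all" includes TLSv1.3.
PROTOCOLS = {p.lower(): p for p in ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")}

def allowed_protocols(args):
    """Evaluate SSLProtocol arguments left to right, as mod_ssl does."""
    enabled = set()
    for arg in args:
        sign, name = (arg[0], arg[1:]) if arg[0] in "+-" else ("", arg)
        key = name.lower()
        group = set(PROTOCOLS.values()) if key == "all" else {PROTOCOLS.get(key, name)}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:  # a bare name replaces whatever was set so far
            enabled = set(group)
    return enabled

def lint(conf_text):
    """Return (line_no, code, detail) findings for TLS 1.3 related directives."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), parts[1:]
        if name == "sslprotocol" and "TLSv1.3" not in allowed_protocols(args):
            findings.append((n, "tls13-excluded-by-sslprotocol", " ".join(args)))
        elif name == "sslciphersuite" and args:
            # Optional first argument picks the list: "SSL" (default) or "TLSv1.3".
            proto, spec = (args[0], args[1]) if len(args) > 1 else ("SSL", args[0])
            names = [t.lstrip("!+-") for t in re.split(r"[:,]", spec)]
            misplaced = [t for t in names if t in TLS13_SUITES]
            # The TLS 1.3 suite set is configured separately from this list.
            if proto.lower() != "tlsv1.3" and misplaced:
                findings.append((n, "tls13-suites-in-tls12-list", misplaced))
    return findings

# Constructed input: the two directives from the post, suite list shortened.
SAMPLE = """\
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLProtocol all -SSLv3
"""
if __name__ == "__main__":
    print(lint(SAMPLE))
```

No `tls13-excluded-by-sslprotocol` finding means the directive text itself permits TLS 1.3; the linter cannot see which TLS library the running httpd is linked against.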