fitxo
April 6, 2018, 11:18am
1
Hello, i have just installed let’s encrypt on a server i manage through plesk, altought i have SSH access i found it easier to just install it on plesk, it ran without errors but i cant access the domain i have created the certificate for. It says it cant check for the autenticity of the data provided. I dont know and cant find if I need to do anything else or i just misread the instructions to do that.
I wild gladly appreciate any help with this. Thank you all.
My domain is: anunciamano.com
I ran this command: installed via plesk
It produced this output: says everything is fine
My web server is (include version):Apache2
The operating system my web server runs on is (include version): Ubuntu 14.04.3 LTS
My hosting provider, if applicable, is: strato
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): plesk
fitxo
April 17, 2018, 4:39pm
2
I still cant figure this out, can someone point me on where i have to look at least?
openssl s_client -connect anunciamano.com:443 -servername anunciamano.com
CONNECTED(00000003)
3061171596:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
It looks like the default SSL configuration in Ubuntu 14.04 (or Plesk when run on that operating system) might be incompatible with modern clients.
You can apply the Mozilla-reccomended Intermediate SSL configuration to your server:
plesk sbin sslmng --ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" --protocols="TLSv1.0 TLSv1.1 TLSv1.2" --strong-dh --disable-tls-compression
This should make it happier.
system
Closed
May 17, 2018, 6:13pm
4
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.