I have been installing Let’s Encrypt SSL Certificates on my domains using PLESK and their extension. I am running PLESK ONYX (17) on a CentOS server.
The installed certificate looked great. www.ssllabs.com gave it an A. Checking my webstats over the next few days I noticed an increased bounce rate of about 15% though. Then I went to Browserstack to load the site up in a bunch of browsers to see what it looked like. I was getting ‘The site cannot be reached’ in Chrome 50 and below (could not test above this) and a Firefox Features page in Firefox 45 and below (could not test above this) on both Mac and PC. Chrome was giving this error:
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
I searched and searched, some sites seemed to indicate this may be unsupported browsers, others suggested it was a problem in Chrome, but nothing seemed to help. I did find these two useful pages however:
These suggest the problem is in the server SSL configuration and that certain ciphers have to be removed / amended (above my pay grade at this point). I amended my nginx ssl.conf file by replacing:
ssl_ciphers HIGH:!aNULL:!MD5;
with:
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
and checks now show the site is loading on Chrome 50 and below and Firefox 45 and below and www.ssllabs.com still gives the certificate an A. The path to my nginx ssl.conf is:
/etc/nginx/conf.d/
After replacing the text above, I restarted nginx:
service nginx restart
I am posting here so others might find it, but also as a check on myself. If anyone reading this has thoughts, advice, or recommendations, let me know.
Regards
Mike Hartley