Implement TLS1.3 on Nginx with Lets encrypt SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: Trying to update to TLS 1.4 (openssl s_client -connect -tls1_3)

It produced this output:

139841220510144:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1528:SSL alert number 70

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 251 bytes

Verification: OK

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

Early data was not sent

Verify return code: 0 (ok)

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Digital ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Hi @madhuri, and welcome to the LE community forum :slight_smile:

That should read "TLS 1.3"
[TLS 1.4 is not a thing even in the roadmap - next up should be TLS 2.0 (no date released yet)]

Certificates are generally not tied to, nor can they limit, the protocols and ciphers used with them.
[If you need NGINX to support TLS 1.3, you don't need a new certificate]

To support TLS 1.3, you may need to update the NGINX version &/or the protocols/ciphers used by it.
[Neither or which are topics covered by this forum]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.