Need to downgrade tls 1.2 from 1.3 letsencrypt production environment

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
https://www.ittv.in/
I ran this command:
i have to downgrade tls 1.2 from tls 1.3
It produced this output:
installed successfully using this client https://acme-v02.api.letsencrypt.org/directory
My web server is (include version):
nginx ingress controller
The operating system my web server runs on is (include version):
azure kuberenete service v1.19
My hosting provider, if applicable, is:
Azure Cloud
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ACME v2 Production Environment

1 Like

Hi @gsmanigandan and welcome to the LE community forum :slight_smile:

Certificates don't control the TLS used.
You need to review the nginx configuration.
Look for:
ssl_protocols

2 Likes

That's not an ACME client, but the ACME API a client would be able to connect to. Which client are you using exactly? Depending on your client it may or may not have an option to disable TLSv1.3. Please refer to the documentation of said client.

2 Likes

Thanks for info. Could you share url to change settings nginx ingress controller

2 Likes

Thanks for info. We are getting let'sencrypt production certificate from cluster issuer. Is there any possible to enable tls. 1.2 using certbot client.

1 Like

These URLs can help:

3 Likes

I have no idea what "cluster issuer" is, but if you're not using Certbot as a client, I would not recommend using Certbot just to change the TLS version.

By the way, the DNS of your domain is down. I'm getting a "REFUSED" error back from the Azure DNS servers when requesting them for ittv.in or www.ittv.in.

3 Likes