but giving below error:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I believe the pem files which are generating are not proper ,previously I used to get the privkey.pem files with length of 28 but now which got generated is of 5 lines sue to which jks and p12 files are getting generated using openssl.
is there any change from letscrypt to generate the pem files?
I use certbot/dns-google image and server https://acme-v02.api.letsencrypt.org/directory.
command I'm using is:
docker run -it --rm --name certbot
-v "/etc/letsencrypt:/etc/letsencrypt"
-v "$(pwd)":"/google"
-v "/var/lib/letsencrypt:/var/lib/letsencrypt"
certbot/dns-google certonly
--dns-google
--server https://acme-v02.api.letsencrypt.org/directory
--dns-google-credentials /google/(gcp service account private key json file)
-d *.sc.manh.cloud
I am reaching the rate limit to prod url so I am checking with staging.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:sc.manh.cloud
I ran this command:
It produced this output:
This site can’t provide a secure connection
sc-18.sc.manh.cloud uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
My web server is (include version):nginx/1.11.8
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):yes
Where exactly did you see this error message? The screenshot you posted shows a successful certificate update. This error means a client and server tried to communicate, but don't support a common TLS version, for example an old program that only supports TLS 1.0 and a newer program that only supports TLS 1.2 and newer. Your webserver appears to only support TLS 1.2: SSL Server Test: sc-18.sc.manh.cloud (Powered by Qualys SSL Labs)
Your nginx version 1.11.8 is many years old, and has critical vulnerabilities. It is not safe to leave on the internet.
You stated your webserver is nginx, which supports PEM files, so I am not sure what the jks and p12 conversions are for.
after updating the pem files in vm I received this error ERR_SSL_VERSION_OR_CIPHER_MISMATCH in browser for sc-18.sc.manh.cloud
I would need jks and p12 for spring boot application.
I wanted to know is the staging url used to check the successful generation of pem files or they can also be used for renewal.as I tried placing the pem files which are generated via the staging url as well but no luck still same error I'm getting in browser.
