Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: |Android 5.0.0|Server sent fatal alert: handshake_failure| |—|---| |Android 6.0|Server sent fatal alert: handshake_failure| IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure
My web server is (include version): Nginx
The operating system my web server runs on is (include version): CentOS
My hosting provider, if applicable, is: Amazon Web Services
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No. Only using SSH/ SFTP
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):NA
What’s the issue with your error message?
The “handshake failure” generally means there’s not a match between your server configuration for ciphers or protocols and the clients. You can choose to compromise and adjust your site condifuration or lose these competability.
That would exclude Android 5 and 6 again, as they only have 128 bit ciphers with forward secrecy (which is obviously something you'd want). Or you'd need to include the "old" Chacha20 ciphers. Not sure if that's wise though?
In any case, the handshake failure is indeed a mismatch between server ciphers and client ciphers.
