I’m confused now, as the directory has two SSL-related links.
root@NEW:/etc/apache2/mods-enabled# ls -l *ssl*
lrwxrwxrwx 1 root root 26 Aug 14 14:07 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 Aug 14 14:07 ssl.load -> ../mods-available/ssl.load
But Let’s Encrypt only has one file, so it begs the obvious question: if I remove ssl.conf, should I remove ssl.load? Also, the Let’s Encrypt file has warnings about editing the file manually:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
Anyway, editing the Let’s Encrypt file to
# SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3 -TLSv1.1 -TLSv1
does disable TLS 1.0 and 1.1, so my website gets an A from SSL Labs.
Finally I got the older protocols disabled, but I do agree having two files that are setting the same parameter is not good.
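An added example, not part of the original post and not Certbot or Apache code: a small audit that lists every active `SSLProtocol` directive across several config files and shows which ones still leave SSLv3, TLS 1.0 or TLS 1.1 enabled. The file names, the contents of the first sample file and the expansion of `all` are assumptions made for illustration; the token evaluation is a simplified model of how mod_ssl reads the directive.

```python
import re

# Assumed expansion of "all"; the real set depends on the Apache/OpenSSL build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
KNOWN = {p.lower(): p for p in ALL | {"SSLv2"}}  # SSLv2 is parsed but never enabled
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right (simplified model)."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        # Unknown protocol names raise KeyError instead of being ignored.
        group = set(ALL) if name == "all" else {KNOWN[name]} & ALL
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group  # a bare token replaces the current set
    return enabled


def audit(files):
    """Return (file, line_no, args, legacy_still_enabled) per active directive."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            m = DIRECTIVE.match(line)  # commented-out lines do not match
            if m:
                legacy = sorted(enabled_protocols(m.group(1)) & LEGACY)
                findings.append((path, line_no, m.group(1), legacy))
    return findings


# Constructed sample input: hypothetical file names; the first file's content
# is invented, the second repeats the two lines quoted in the post.
SAMPLE = {
    "mods-enabled/ssl.conf": "<IfModule mod_ssl.c>\n    SSLProtocol all -SSLv3\n</IfModule>\n",
    "letsencrypt-options.conf": "# SSLProtocol all -SSLv2 -SSLv3\n"
                                "SSLProtocol all -SSLv2 -SSLv3 -TLSv1.1 -TLSv1\n",
}

if __name__ == "__main__":
    for path, line_no, args, legacy in audit(SAMPLE):
        state = "still enables " + ", ".join(legacy) if legacy else "legacy protocols off"
        print(f"{path}:{line_no}: SSLProtocol {args} -> {state}")
```

The audit reports each directive on its own and does not decide which file Apache ends up applying; more than one finding means the setting is defined in more than one place and every definition needs checking.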