Ssl_session [I need help]


I installed Let’s Encrypt using Certbot on nginx & ubuntu.

But, I did not see ssl_session_cache in the nginx default and nginx.conf file to be enabled.

Does certbot enables ssl_session_cache - sl_session_timeout - ssl_stapling

If yes, were are they located?


I don’t think any of those are handled by certbot.
Those are handled by nginx and you.


Depending on the installer plugin used, certbot does add TLS related directives.

I don’t know what the nginx plugin adds though.


Certbot plugins handle:

if so, it’s taking automation to a whole new level…


When using “certbot --nginx” to have Certbot configure Nginx, it should add “include /etc/letsencrypt/options-ssl-nginx.conf;” to your Nginx configuration. Check that file, it has several SSL settings.

If you use “certbot certonly”, it makes no changes to the web server configuration.


Yes, that has a default value, but Certbot changes it.

I’m afraid not. If you want to enable OCSP stapling, you’ll have to configure it.


mnordhoff, I wanted to ask you about something else.

As you said I saw in the nginx default file [ include /etc/letsencrypt/options-ssl-nginx.conf ]
But those settings were outside the server block server { …}
Should I create a server { 443 … } and put that file inside, yes or no?


When you want a specific person to get your message, you need to preface their name/ID with the @ symbol.

As for your question, when used outside of a specific server block it should be a global setting. When used inside a specific server block it would only affect that server block and should override the global settings.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.