When using "certbot --nginx" to have Certbot configure Nginx, it should add "include /etc/letsencrypt/options-ssl-nginx.conf;" to your Nginx configuration. Check that file; it has several SSL settings.
If you use "certbot certonly", it makes no changes to the web server configuration.
Yes.
Yes, that has a default value, but Certbot changes it.
I'm afraid not. If you want to enable OCSP stapling, you'll have to configure it.
mnordhoff, I wanted to ask you about something else.
As you said, I saw in the nginx default file [ include /etc/letsencrypt/options-ssl-nginx.conf ].
But those settings were outside the server block server { …}.
Should I create a server { 443 … } and put that file inside, yes or no?
When you want a specific person to get your message, you need to preface their name/ID with the @ symbol.
As for your question, when used outside of a specific server block it should be a global setting. When used inside a specific server block it would only affect that server block and should override the global settings.
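
The two placements discussed in this thread, together with the OCSP stapling directives that have to be written by hand, as an added example that is not from any poster here. The domain example.com, the resolver address, and a layout in which site files are loaded inside the main http { } block are assumptions.

```nginx
# Added example. example.com and 127.0.0.53 are placeholders; adjust to your host.
# Assumption: this content ends up inside http { }, either directly in nginx.conf
# or through a site file that nginx.conf includes from within its http block.
http {
    # Placement A: http context. Every TLS server block below inherits the
    # Certbot-managed settings unless it sets the same directive itself.
    # Use either placement A or placement B, not both.
    # include /etc/letsencrypt/options-ssl-nginx.conf;

    server {
        listen 443 ssl;
        server_name example.com;

        # Paths follow Certbot's live/<name>/ layout.
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        # Placement B: server context. The settings apply to this server
        # block only and take precedence over anything inherited from http.
        include /etc/letsencrypt/options-ssl-nginx.conf;

        # OCSP stapling is configured here by hand, as the thread says it
        # must be. It only takes effect when the certificate carries an
        # OCSP responder URL; otherwise nginx logs a warning and ignores it.
        ssl_stapling on;
        ssl_stapling_verify on;
        # Issuer chain used to verify the stapled response.
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        # nginx needs a resolver to look up the responder's hostname.
        resolver 127.0.0.53 valid=300s;
        resolver_timeout 5s;
    }

    # A server block with no include of its own: it gets the Certbot
    # settings only if placement A above is enabled.
    server {
        listen 443 ssl;
        server_name other.example.com;
        ssl_certificate     /etc/letsencrypt/live/other.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/other.example.com/privkey.pem;
    }
}
```

Run "nginx -t" to validate the file before reloading, and "nginx -T" to print the full configuration with all includes expanded so you can see which context each ssl_ directive landed in.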