Ssl_session [I need help]


#1

I installed Let’s Encrypt using Certbot on nginx & ubuntu.

But, I did not see ssl_session_cache in the nginx default and nginx.conf file to be enabled.

Does certbot enables ssl_session_cache - sl_session_timeout - ssl_stapling

If yes, were are they located?


#2

I don’t think any of those are handled by certbot.
Those are handled by nginx and you.


#3

Depending on the installer plugin used, certbot does add TLS related directives.

I don’t know what the nginx plugin adds though.


#4

Certbot plugins handle:
ssl_session_cache
ssl_session_timeout
ssl_stapling

if so, it’s taking automation to a whole new level…


#5

When using “certbot --nginx” to have Certbot configure Nginx, it should add “include /etc/letsencrypt/options-ssl-nginx.conf;” to your Nginx configuration. Check that file, it has several SSL settings.

If you use “certbot certonly”, it makes no changes to the web server configuration.

Yes.

Yes, that has a default value, but Certbot changes it.

I’m afraid not. If you want to enable OCSP stapling, you’ll have to configure it.


#6

mnordhoff, I wanted to ask you about something else.

As you said I saw in the nginx default file [ include /etc/letsencrypt/options-ssl-nginx.conf ]
But those settings were outside the server block server { …}
Should I create a server { 443 … } and put that file inside, yes or no?


#7

When you want a specific person to get your message, you need to preface their name/ID with the @ symbol.

As for your question, when used outside of a specific server block it should be a global setting. When used inside a specific server block it would only affect that server block and should override the global settings.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.