TLS Configuration on Web Server Not Working for Some Clients

Help
1

Please fill out the fields below so we can help you better.
Hello
i’m using Let’s Encrypt certification in my VPS(plesk) it seems everything ok an secure but in some big companies (i mean with secure internet server) they can not open the site .

My domain is:
alberodeibimbi.it

I ran this command:
certification error
It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:
Plesk - VPS

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

2

If you check the output from https://www.ssllabs.com/ssltest/analyze.html?d=alberodeibimbi.it&hideResults=on test, that will give you a good hint - “Server negotiated HTTP/2 with blacklisted suite”. This could be one of the reasons why connecting to your site causes errors. See the following discussion for details: https://community.qualys.com/thread/16055

3

ah thanks

it’s just very difficult for me . do i need to copy that lines into my certificate? or for me there is something else ?

4

You need to alter the configuration of your web server to exclude the blacklisted cipher(s) or ask someone who has configured that initially. It is well-known that enabling HTTP/2 requires following some rules in terms how ciphers have to be configured (I had a small post about that time ago).

5

i did all and know it’s okay in test .

but they can not open it in firefox . the same secure problem .

can you please test it ?
thanks a lot

6

what version of Firefox ??? One recent Firefox update started giving me SSL errors on all my sites. I went back to Firefox 51.0 and have not tested their latest version.

From Chrome and SSLLabs everything is fine.

Screen Shot 2017-04-21 at 12.51.20 PM.png1411×474 229 KB

Screen Shot 2017-04-21 at 12.53.39 PM.png1067×505 35.3 KB

7

I think to get useful answers you need to do a bit more groundwork yourself.

A) What is the error message that they are getting?
B) What clients are they using (is it Internet Explorer x, Chrome Y etc)
C) Some big companies use older browsers as their standard browser so this could be the probelm
D) Are the failures consistent or intermediate

Once you narrow down what the actual problem is (what part of TLS is failing) you can take the appropriate steps to fix it or ask people for recommendations

Andrei

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.