Letsencrypt certificate produces SSL error

I have just installed a letsencrypt certificate via the server certificate module on my Nethserver 7 (final version).
It seems that it worked fine, i.e. the new certificate is shown in the list of certificates and no errors are shown in the log file. I set the certificate to default.

However, when I browse to my website that I host on Nethserver, Firefox shows an error message that the SSL certificate is not secure and gives the following error code to me: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
Could it be that the module uses a prime that is not large enough (for the Diffie-Hellman algorithm)? Or does Nethserver use another algorithm? And do you have any idea how to fix that problem?

You may try to increase Apache (httpd) security.


Thanks!!! I will try it tomorrow… :wink:


The real reason for that error was that my router from the ISP didn’t forward the port 443… simply a stupid failure in the configuration…! :wink:

However, I found on the way towards the solution this guide for making a server much more secure against known SSL attacks: https://weakdh.org/sysadmin.html
I followed that guide and disabled SSL3 in addition. And now my server gets an A+ in the SSLtest of ssllabs!
Perhaps one could implement it in a future release of Nethserver!??! Basically it is only a change of the CipherSuites in /etc/httpd/conf.d/ssl.conf and /etc/httpd/admin-conf/httpd.conf and disabling SSL3 in the former:
SSLProtocol all -SSLv2 -SSLv3



I have just created a new topic for discussing this feature: More secure SSL CipherSuites
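
An added example, not part of the thread and not Nethserver code: a small audit that evaluates each `SSLProtocol` directive in an httpd config, like the one quoted above, and reports the ones that still leave SSLv2 or SSLv3 enabled. The function names, the sample config and the left-to-right evaluation model (including `all` covering SSLv3) are assumptions made for illustration.

```python
import re

# Assumption: "all" is expanded conservatively to include SSLv3, as older
# mod_ssl builds did; newer builds leave SSLv3 out of "all".
ALL = frozenset({"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"})
KNOWN = ALL | {"SSLv2", "TLSv1.3"}
LEGACY = {"SSLv2", "SSLv3"}

def effective_protocols(args):
    """Evaluate the arguments of one SSLProtocol directive, left to right."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        group = ALL if name == "all" else {p for p in KNOWN if p.lower() == name}
        if not group:
            raise ValueError(f"unknown protocol token: {token}")
        if sign == "-":
            enabled = enabled - group
        elif sign == "+":
            enabled = enabled | group
        else:  # a bare token replaces whatever was selected so far
            enabled = set(group)
    return enabled

def audit(conf_text, filename="<conf>"):
    """Return (filename, line number, legacy protocols) per risky directive."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#', so they never match
            legacy = effective_protocols(m.group(1)) & LEGACY
            if legacy:
                findings.append((filename, lineno, sorted(legacy)))
    return findings

# Constructed sample, not the real Nethserver ssl.conf.
SAMPLE = """\
# SSLProtocol all
<VirtualHost _default_:443>
    SSLProtocol all -SSLv2
</VirtualHost>
"""
FIXED = SAMPLE.replace("all -SSLv2", "all -SSLv2 -SSLv3")

if __name__ == "__main__":
    print(audit(SAMPLE, "ssl.conf"), audit(FIXED, "ssl.conf"))
```

To check a real server, pass the contents of /etc/httpd/conf.d/ssl.conf and /etc/httpd/admin-conf/httpd.conf to `audit()`.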