I am not an expert in server management, so I am a big fan of EasyEngine as it saves me countless hours on each domain setup. From server stack to LetsEncrypt SSL certificate, EasyEngine covers all aspects (and it is as easy to use as the name implies).
However, these days I ran into massive issues with the SSL certificates of new domains. Both Chrome and Firefox were returning an error when trying to access my new site. The error was “ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY”. Funny thing, IE11 was the only browser to correctly display my site (facepalm), really? IE11 of them all?
Anyway, after spending a lot of time trying to figure it out, turns out there were some missing settings in the nginx configuration.
Here is how I solved it:
I placed the following code inside /var/www/mydomain.com/conf/nginx/ssl.conf right after the default lines.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
HINT: Don’t forget to reload your nginx configuration!
Hope this saves you some time and efforts.
Solution taken from https://cipherli.st/
Image source: PixaBay.com