SSL always gives me problems, how do I fix this?

I have only successfully installed PrestaShop once, but I had a terrible URL I set it up with, so I want to make a new site.

I use Cloudflare for DNS.  I bought a new domain.  I followed this tutorial:

https://geekrewind.com/how-to-install-prestashop-on-ubuntu-20-04-18-04-with-nginx-and-lets-encrypt/

I'm attempting to self-host for a short time and my ISP blocks port 80.  The tutorial leaves small details out, like changing the directory path of where certbot puts your files, but once I got all those configurations fixed, the server itself was able to pass the DNS challenge.  I had to change directory paths in an nginx config file that they forgot to tell you to do, so once that was done, nginx would actually load without failing.

Now, all I did was copy what they said to copy and paste it into files to make configs.  They don't even tell you to set up an A record before going to the https://url.com, but whatever, it's part of the process.  When I set the record up and waited for DNS to propagate, I went to HTTPS and I get these errors:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

SSL_ERROR_NO_CYPHER_OVERLAP

First it has you make a file called Prestashop under sites-available.  Then you put this content into that file:

server {
    listen 80;
    listen [::]:80;
    root /var/www/prestashop;
    index index.php index.html index.htm;
    server_name example.com www.example.com; (I'm putting in my real url in place of example.com)

There's a bunch of rewrite commands that I don't understand at all, somewhere in there you change the admin location.

Then you do the certbot stuff which seemed to work as expected.  I created the cron to renew the cert when needed.

THEN it has you open prestashop under sites-available again and you're supposed to add Let's Encrypt configs to secure the website.  This is where I believe I have a config issue.  It shows to add info for port 443 there, but am I supposed to change something?  It says to add the following:

"server {
    listen 80;
    listen [::]:80;
    server_name *.example.com;
    return 301 https://$host$request_uri;  (Is this a typo? Is that supposed to say request_url, or is "uri", with i as in ice cream, correct?)
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/prestashop;
    index index.php index.html index.htm;
    server_name example.com www.example.com;

This confuses me.  When they originally had me make this config file, server name is listed as a wildcard with *.example.com on port 80.  But when they have you add the SSL config stuff to the same file you just made, the server_name is now a wildcard on port 80, but port 443 doesn't show a wildcard, it shows example.com and www.example.com. Could that cause issues? Are they supposed to both be *.example.com?

When I try to find info on the errors on Google, it seems like it's saying I have an old TLS or something; other resources say something about domain names not matching.  I can't find a simple straight answer.  What am I doing wrong?  All I have for SSL ciphers is from the config file and it reads:

ssl_ciphers 'TLS13+AESGCM+AES128:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

 

I don't know what any of that means. Am I supposed to find new codes somewhere?

Edited by falken76 (see edit history)
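
Added example (not part of the original post or of the tutorial it follows): a small Python check for an nginx site file shaped like the one quoted above. It reports TLS server blocks that lack certificate directives, 3DES entries in ssl_ciphers, and names served on 443 that no port-80 server_name matches; in nginx, `*.example.com` matches `www.example.com` but not the bare `example.com`. The sample config is constructed, the certificate paths are placeholders, and the parser assumes top-level `server` blocks and only the `*.` wildcard form.

```python
import re
from fnmatch import fnmatch

# Constructed sample modelled on the config quoted above; cert paths are placeholders.
SAMPLE = """
server {
    listen 80;
    server_name *.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!DSS';
    location / { try_files $uri $uri/ /index.php?$args; }
}
"""
CERT_DIRECTIVES = ("ssl_certificate", "ssl_certificate_key")

def parse_servers(conf):
    """Return one {directive: [argument words]} dict per top-level server block."""
    servers, depth, cur = [], 0, None
    for text, sep in re.findall(r"([^{};]*)([{};])", re.sub(r"#.*", "", conf)):
        words = text.split()
        if sep == "{":
            depth += 1
            if depth == 1 and words == ["server"]:
                servers.append(cur := {})
        elif sep == "}":
            depth -= 1
            cur = cur if depth else None
        elif cur is not None and depth == 1 and words:  # skip nested location {} bodies
            cur.setdefault(words[0], []).extend(words[1:])
    return servers

def audit(conf):
    """Findings: TLS blocks missing cert directives, 3DES ciphers, 443 names unmatched on 80."""
    findings, plain, tls = [], set(), set()
    for s in parse_servers(conf):
        is_tls = "ssl" in s.get("listen", [])
        (tls if is_tls else plain).update(s.get("server_name", []))
        findings += [f"TLS block has no {d}" for d in CERT_DIRECTIVES if is_tls and d not in s]
        ciphers = "".join(s.get("ssl_ciphers", [])).strip("'\"").split(":")
        findings += [f"3DES cipher listed: {c}" for c in ciphers if "DES-CBC3" in c]
    findings += [f"{n}: served on 443, matched by no port-80 server_name"
                 for n in sorted(tls) if not any(fnmatch(n, p) for p in plain)]
    return findings
```

Calling `audit(SAMPLE)` returns the list of findings; pass the text of a real site file in place of `SAMPLE` to check it.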