TLSv1.3 error nginx

1

When I do a bench setup nginx,

the file in /etc/nginx/conf.d/frappe-bench.conf contain on the ssl_protocols TLSv1.3 and this cause an error when trying to start nging with sudo service nginx reload

Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx.service” and “journalctl -xe” for details.

nginx: [warn] invalid value “TLSv1.3” in /etc/nginx/conf.d/frappe-bench.conf:

If I manually remove the TLSv1.3 and reload nginx it’s ok.

Any idea why? I’m using let’s encrypt

1 Like
2

@Samuel_Gervais - Thank you very much for sharing your experience.

Just to add- there are two references to TLSv1.3 that must be removed and its perhaps easier to locate the nginx.conf file here: frappe/frappe-bench/config .

I too experienced the same challenge after upgrading to ERPNext v11.1.72 (version-11) : Frappe Framework: v11.1.64 (version-11) and had to resort to this workaround.

I hope this will help someone else in the future!

1 Like
3

Encountered same issue yesterday! Had to use this workaround…

4

Looks like this issue still hasn’t been fixed !

5

You will have to upgrade nginx on your server to resolve this issue. I used below commands and then set up the latest version of lets-encrypt and it seems to be working.

sudo apt install python-software-properties
sudo add-apt-repository ppa:nginx/stable
sudo apt update
sudo apt-get update
sudo apt-get install nginx
sudo bench setup lets-encrypt [site-name]
3 Likes
6

Thanks a lot @Pawan

How did you setup the latest version of letsencrypt ?

Kind regards.

7

bench setup lets-encrypt [site-name] should work.

1 Like
8

Disable ssl from the conf file for the given site(s) and remove following rows from site_config.json file.

encryption_key, ssl_certificate & ssl_certificate_key.

Then run

bench setup nginx

Once bench command runs successfully, you can setup ssl certificate using this command

bench setup lets-encrypt [site-name]

Goodluck.

1 Like