Hi. I have two domains, both with le ssl, also both have default ssl configuration in VirtualHost 443. First one in ssllabs.com tests shows that has support for only TLS 1.2 but second one have for each TLS version. No idea why, because both in their configuration have Code: SSLProtocol All -SSLv2 -SSLv3 The one with each TLS support is used as domain for ISP panel/ server hostname. Is it possible that something overwrite their configs?
I might not understand your question, but SSLProtocol is set in /etc/apache2/sites-enabled/000-ispconfig.vhost (on debian) for the ispconfig panel vhost.
Anything is possible. Which one is being overwritten? ISPC or other domain? Do check if you have an existing custom vhost set to override the default.
I have few domains created under ISP. One is used for get LE SSL for ISP Panel. When I put their addresses in ssllabs.com due to test their ssl certs I have result: - domain used for provide ssl for ISP has rating A+ and in Protocols tab I see support (that they are turned on) for TLS 1.2, TLS 1.1, TLS 1.0 but in .vhost file for this domain I have config --> SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 - other domain has config (default created by ISP after turning on LE SSL) --> SSLProtocol All -SSLv2 -SSLv3 - but in ssllabs.com test get of course A+ but in Protocols tab I see "yes" for only TLS 1.2 I have default ispconfig vhost file, all files are default. And I don't get the difference. It's strange. Apache2 ssl.conf file also has setting --> SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 PS 000-ispconfig.vhost file has line (it's default, I don't change ISP files) --> SSLProtocol All -SSLv3
May need to go through your domain vhost files to be sure what've gone wrong as all my domains (on nginx server, not apache) don't have these problems so far.
I didn't have these problems also but on ISP version 3.1.5. Then I updated to 3.1.7p1 and I have this strange thing. Hard to determine it depends from it or not. And it's really strange, because I have all default .vhost files but I will try check this one domain vhost file and compare with other files. PS I used BeyondCompare to compare two domains - without success. I can send you both files in PM if you would like to help find out what's wrong.
What port do you access the control panel on, 8080 (or anything other than 443)? If so, the SSLProtocol setting in 000-ispconfig.vhost is what is in effect, not the setting for the port 443 vhost.
ssllabs.com only check for port 443, which means you must have checked your ISPC domain and other domain on that port, not on 8080. That's why in the earlier reply I was curious on the vhost file of the other domain which only has TLS1.2 instead of all three like your ISPC domain. You may pm me but I can't promise on resolving this either.
My ISP panel works on 8080 port but use domain which you have in last PM with s1 prefix. I used your tutorial to setup https for ISP panel. You know, domain created under ISP, turning on le ssl and ssl etc. Of course when I enter only domain without port in browser I have default index page generated by ISP, which is needed result. That's why I check domain vhost file not ISP vhost and therefore it's strange for me. PS I sent PM.
Sorry I missed your SSL Protocol while reading your earlier posts, so try to change SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 to SSLProtocol All -SSLv2 -SSLv3 only as the earlier is the fault for disabling TLSv1 and TLSv1.1. As stated in my first reply, check if you have conf custom vhost that overrides the default vhost.conf.master because the default is the one I suggested as fix above, and yours is not.
List of conf files from /etc/apache2/sites-enabled: Code: total 0 lrwxrwxrwx 1 root root 39 Apr 14 2017 000-apps.vhost -> /etc/apache2/sites-available/apps.vhost lrwxrwxrwx 1 root root 35 Apr 13 2017 000-default.conf -> ../sites-available/000-default.conf lrwxrwxrwx 1 root root 43 Apr 14 2017 000-ispconfig.conf -> /etc/apache2/sites-available/ispconfig.conf lrwxrwxrwx 1 root root 44 Apr 14 2017 000-ispconfig.vhost -> /etc/apache2/sites-available/ispconfig.vhost lrwxrwxrwx 1 root root 54 Jun 22 11:26 100-domain1.com.vhost -> /etc/apache2/sites-available/domain1.com.vhost lrwxrwxrwx 1 root root 54 Oct 19 14:31 100-domain2.pl.vhost -> /etc/apache2/sites-available/domain2.pl.vhost lrwxrwxrwx 1 root root 54 Oct 16 14:42 100-domain3.pl.vhost -> /etc/apache2/sites-available/domain3.pl.vhost lrwxrwxrwx 1 root root 45 Oct 10 10:10 100-domain4.pl.vhost -> /etc/apache2/sites-available/domain4.pl.vhost lrwxrwxrwx 1 root root 47 Oct 10 13:16 100-domain5.pl.vhost -> /etc/apache2/sites-available/domain5.vhost lrwxrwxrwx 1 root root 50 Oct 27 09:30 100-domain6.vhost -> /etc/apache2/sites-available/domain6.vhost lrwxrwxrwx 1 root root 48 May 24 14:16 100-domain7.vhost -> /etc/apache2/sites-available/domain7.vhost lrwxrwxrwx 1 root root 48 Jul 19 06:55 100-domain8.pl.vhost -> /etc/apache2/sites-available/domain8.vhost lrwxrwxrwx 1 root root 49 Jun 27 15:05 100-s1.isplessldomain.net.vhost -> /etc/apache2/sites-available/s1.isplessldomain.net.vhost lrwxrwxrwx 1 root root 59 Sep 26 09:27 100-test1.s1.isplessldomain.net.vhost -> /etc/apache2/sites-available/test1.s1.isplessldomain.net.vhost lrwxrwxrwx 1 root root 55 Jul 27 09:27 100-test2.s1.isplessldomain.net.vhost -> /etc/apache2/sites-available/test2.s1.isplessldomain.net.vhost lrwxrwxrwx 1 root root 57 Sep 25 10:44 100-test3.s1.isplessldomain.net.vhost -> /etc/apache2/sites-available/test3.s1.isplessldomain.net.vhost lrwxrwxrwx 1 root root 55 Sep 1 14:46 100-test4.s1.isplessldomain.net.vhost -> /etc/apache2/sites-available/test4.s1.isplessldomain.net.vhost lrwxrwxrwx 1 root root 58 Sep 6 07:02 100-test5.s1.isplessldomain.net.vhost -> /etc/apache2/sites-available/test5.s1.isplessldomain.net.vhost lrwxrwxrwx 1 root root 55 Sep 1 11:48 100-test6.s1.isplessldomain.net.vhost -> /etc/apache2/sites-available/test6.s1.isplessldomain.net.vhost PS I changed SSLProtocol as you mentioned in earlier post. Now I have like in each other .vhost files: Code: SSLProtocol All -SSLv2 -SSLv3 In attachement I also added ssl.conf file from /etc/apache2/mods-enabled/ I used command Code: grep -rn '/etc/apache2/' -e 'SSLProtocol' to find where is matched string SSLProtocol - only in files which I pasted above and in each of them it looks like: - for each domain .vhost -> SSLProtocol All -SSLv2 -SSLv3 - for ispconfig.vhost -> SSLProtocol All -SSLv3 - for /etc/apache2/mods-available/ssl.conf -> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1