I implemented https using this walkthrough, and browser clients get https.
There are no errors in the logs as above
But at least one person says that they can’t login anymore. And my scripting agent can no longer read the pages ( though it’s able to read https://meta.discourse.org and https://letsencrypt.org/ with no problems).
I’m getting a TLSV1 fatal handshake failure showing in wireshark.
Can someone decode the ssllabs report to let me know what the issue is.
I’m also seeing handshake failures there too
Handshake Simulation
Android 2.3.7 No SNI 2 Server sent fatal alert: handshake_failure
[..]
OpenSSL 0.9.8y Server sent fatal alert: handshake_failure
As an alternative, can I just turn off the redirect from http to https?
Are you able to provide a reproducible test case? The description of your error is vague and unhelpful. Is your scripting agent running OpenSSL 0.9.8y or Android 2.3.7?
The SSL Labs report indicates that TLS v1.0 is enabled. That standard was published in 1999. If your scripting client doesn’t support at least TLS v1.0, you really need to upgrade it, and if it does, then you’re OK. It’s possible that none of the available cipher suites are ones your scripting client supports, but in that case, again, you probably want to upgrade your scripting client, because everything else is pretty nasty.
Once again, though, I’m only guessing, because you’re providing very vague answers, rather than anything concrete.
The chaps at https://community.letsencrypt.org/ tell me they use a discourse hosted instance so don’t know what their SSL template web.ssl.template.yml says.