Updating SSL Options for Nginx with Let’s Encrypt

Finished setting up a new server and wanted to check SSL/TLS quality, using SSL Labs. Noticed that some options weren’t secure or even outdated.

Turns out:

• that the certbot version I had on that server wasn’t quite up to date.
• their options-ssl-nginx.conf overrides custom SSL configurations.

Especially the last one I didn’t notice immediately and that caused quite some head scratching as to why my changes didn’t take effect.

Updated the ssl conf to the latest version from GitHub to ensure security settings align with best practices. Works!