The SSL/TLS security assessment report detects whether the SSL certificate is compatible with the access of individual clients
https://myssl.com/www.lyplugin.com:443
The Let's Encrypt certificate has been abandoned. There will be too many unstable compatibility problems. Choosing ZeroSSL certificate is more stable and compatible. Through the SSL/TLS security assessment report, we only found that [IE 6/XP] handshake failed.
Because my one click installation package uses LNMP and the RSA certificate of zerossl is used by default, I only need to install the ECC certificate of zerossl
#Generate the ECC certificate of zerossl. The terminal directly enters the following command
/usr/local/acme.sh/acme.sh -f --server zerossl --issue -d lyplugin.com -d www.lyplugin.com --keylength ec-256 -w /home/wwwroot/lyplugin.com
Wait a few minutes, and the ECC certificate of zerossl will be automatically generated
There is an additional lyplugin.com_ecc folder in the/usr/local/nginx/conf/ssl/directory
Then in the server configuration information of the lyplugin.com.conf website in the configuration directory of the nginx website/usr/local/nginx/conf/vhost, find the originally configured certificate file information followed by two lines of ECC certificate file links.
ssl_certificate /usr/local/nginx/conf/ssl/lyplugin.com_ecc/fullchain.cer; ssl_certificate_key /usr/local/nginx/conf/ssl/lyplugin.com_ecc/lyplugin.com.key;
Then save and reload the website configuration service: lnmp reload
ECC+RSA dual certificate configuration is completed
