How to Fix SSL Handshake Error in Nginx Quickly
An SSL handshake error in nginx usually happens due to incorrect SSL certificate paths, unsupported protocols, or mismatched cipher suites. Fix it by verifying your ssl_certificate and ssl_certificate_key paths, enabling modern TLS versions, and configuring compatible ciphers in your nginx.conf.

Why This Happens
SSL handshake errors occur when Nginx and the client cannot agree on how to establish a secure connection. Common causes include wrong certificate file paths, expired or invalid certificates, unsupported TLS versions, or incompatible cipher suites.
```nginx
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/wrong-cert.pem;
    ssl_certificate_key /etc/nginx/ssl/wrong-key.pem;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    server_name example.com;
}
```

Output
2024/06/01 12:00:00 [error] 1234#0: *1 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure) while SSL handshaking, client: 192.168.1.10, server: 0.0.0.0:443
The Fix
Update the ssl_certificate and ssl_certificate_key to point to the correct, valid certificate files. Enable modern TLS versions like TLS 1.2 and 1.3, and use recommended cipher suites for compatibility and security.
```nginx
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5';
    ssl_prefer_server_ciphers on;
    server_name example.com;
}
```

Output
No SSL handshake errors; HTTPS connections succeed and clients load the site securely.
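To check a server block for the three settings the fix above changes before you reload Nginx, here is an added Python linter written for this article (example code, not part of nginx or the original page). It assumes the certificate and key paths are readable on the machine where it runs, uses Python's `ssl` module (backed by OpenSSL, like nginx) to validate the cipher string and to confirm the key matches the certificate, and embeds the broken server block from above as constructed sample input.

```python
import os
import re
import ssl

# Constructed sample: the broken server block from this article, embedded inline.
BROKEN_CONF = """server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/wrong-cert.pem;
    ssl_certificate_key /etc/nginx/ssl/wrong-key.pem;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    server_name example.com;
}"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MODERN = {"TLSv1.2", "TLSv1.3"}

def parse_ssl_directives(conf):
    """Map each ssl_* directive in a server block to its (unquoted) value."""
    pattern = re.compile(r"^\s*(ssl_\w+)\s+(.+?)\s*;", re.MULTILINE)
    return {m.group(1): m.group(2).strip("'\"") for m in pattern.finditer(conf)}

def lint(conf):
    """Return handshake-relevant findings; an empty list means nothing was flagged."""
    d = parse_ssl_directives(conf)
    findings = []
    paths = [(k, d.get(k)) for k in ("ssl_certificate", "ssl_certificate_key")]
    for name, path in paths:
        if path is None:
            findings.append(f"{name} is not set")
        elif not os.path.isfile(path):
            findings.append(f"{name} not found: {path}")
    if all(path and os.path.isfile(path) for _, path in paths):
        try:  # OpenSSL rejects the pair if the private key does not match the certificate
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(paths[0][1], paths[1][1])
        except ssl.SSLError as exc:
            findings.append(f"certificate/key pair rejected: {exc}")
    protos = set(d.get("ssl_protocols", "").split())
    for proto in sorted(protos & DEPRECATED):
        findings.append(f"deprecated protocol enabled: {proto}")
    if not protos & MODERN:
        findings.append("no modern protocol (TLSv1.2/TLSv1.3) enabled")
    ciphers = d.get("ssl_ciphers")
    if ciphers:
        try:  # same OpenSSL cipher-string syntax that nginx hands to the library
            ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).set_ciphers(ciphers)
        except ssl.SSLError:
            findings.append(f"cipher string rejected by OpenSSL: {ciphers}")
    return findings
```

Run `lint(open("/etc/nginx/conf.d/example.conf").read())` (hypothetical path) on the real server; on the broken block it reports the two deprecated protocols, the missing modern protocol and the unreadable certificate paths.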
Prevention
Always verify SSL certificate paths and renew certificates before expiry. Use automated tools like certbot for Let's Encrypt certificates. Regularly update Nginx to support the latest TLS versions and ciphers. Test your SSL setup with online tools like SSL Labs to ensure compatibility.
Related Errors
- ERR_SSL_PROTOCOL_ERROR: Often caused by protocol mismatches; fix by enabling correct TLS versions.
- SSL Certificate Expired: Renew your certificate and reload Nginx.
- Mixed Content Warnings: Ensure all resources load over HTTPS.
Key Takeaways
- Check and correct SSL certificate and key file paths in Nginx config.
- Enable modern TLS versions (1.2 and 1.3) and compatible cipher suites.
- Renew certificates before they expire to avoid handshake failures.
- Use automated tools and testing services to maintain SSL health.
- Keep Nginx updated for best security and protocol support.