Nginx SSL_do_handshake() failed SSL: error:1417D18C:SSL

Ignore Them

Looking at the number of connection attempts made to my site within a short span of time, these are clearly attempts to compromise the server's security. Don't downgrade your security settings to make it easy for these guys. This is 93 requests from the same IP address within 2 seconds.

2018/06/11 04:22:00 [crit] 972#972: *315608 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315616 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315643 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315645 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315650 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315652 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315663 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315674 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315675 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 971#971: *315677 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315680 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315685 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315691 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315703 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315712 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315719 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315720 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315734 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315737 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315738 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315766 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315767 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315770 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315771 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315776 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315778 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315782 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315786 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315787 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315789 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315790 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315793 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315797 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315803 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315807 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315809 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315813 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315818 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315823 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315829 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315831 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 971#971: *315835 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315837 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315839 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315840 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315841 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315843 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315844 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315845 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315846 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315847 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315848 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315849 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315850 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315853 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315856 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315858 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315859 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315860 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315861 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315863 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315862 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315864 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315866 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315867 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315868 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315870 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315871 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315872 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315873 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315874 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315875 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315876 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315877 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315878 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315879 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315880 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315881 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315882 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315883 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315887 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315888 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315889 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315890 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315893 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315896 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315897 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315898 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315899 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315900 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315902 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315903 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315904 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443

I'm pretty sure routines:tls_process_client_hello:version too low indicates that the client is unable to use the configured ciphers on your system in order to connect. Additionally, if the browser doesn't trust the Let's Encrypt Root CA, they'll fail the connection.

I do not agree with downgrading the security of your website to allow some clients with way old hardware, that they should have upgraded long ago, in order to allow them to connect. You're literally sacrificing security just for a handful of clients.

It's also not unlikely that these aren't even real clients. These could be malicious "clients" attempting to force a downgraded connection in order to start breaking your security to steal information, the private key, etc.
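As an added example (not part of the original answers), this is one way to measure the pattern in the log excerpt above: parse nginx error_log handshake failures and report clients whose "version too low" failures peak inside a short sliding window. The log lines are constructed with documentation-range IP addresses, and the function names, threshold and window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# nginx error_log line for a failed TLS handshake, in the format shown above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\] .*?"
    r"SSL_do_handshake\(\) failed \(SSL: error:[0-9A-Fa-f]+:(?P<detail>[^)]*)\) "
    r"while SSL handshaking, client: (?P<client>[0-9A-Fa-f.:]+),"
)


def parse_line(line):
    """Return (timestamp, client_ip, openssl_reason), or None for other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
    # detail looks like "SSL routines:tls_process_client_hello:version too low"
    reason = m.group("detail").rsplit(":", 1)[-1].strip()
    return ts, m.group("client"), reason


def find_bursts(lines, threshold, window_seconds, reason="version too low"):
    """Map each client to its peak failure count inside any sliding window of
    window_seconds, keeping only clients whose peak reaches threshold.
    Assumes lines are in chronological order, as nginx writes them."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] != reason:
            continue
        ts, client, _ = parsed
        q = recent[client]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[client] = max(peak[client], len(q))
    return {c: n for c, n in peak.items() if n >= threshold}


def sample_log():
    """Constructed sample: documentation-range IPs, made-up connection ids."""
    tmpl = ("2018/06/11 04:22:{sec:02d} [crit] 972#972: *{conn} SSL_do_handshake() "
            "failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:"
            "version too low) while SSL handshaking, client: {ip}, "
            "server: 0.0.0.0:443")
    # 40 failures from one address spread over two consecutive seconds
    lines = [tmpl.format(sec=i // 20, conn=1000 + i, ip="203.0.113.7")
             for i in range(40)]
    # a single failure from another address, e.g. one outdated client
    lines.append(tmpl.format(sec=5, conn=2000, ip="198.51.100.23"))
    # an unrelated error line that the parser must skip
    lines.append('2018/06/11 04:22:06 [error] 972#972: *2001 open() "/srv/x" '
                 'failed (2: No such file or directory), client: 198.51.100.23, '
                 'server: example.org')
    return lines


if __name__ == "__main__":
    for client, count in find_bursts(sample_log(), 20, 2).items():
        print(f"{client}: {count} 'version too low' failures within 2s")
```

A lone failure from one address stays below the threshold, so an occasional outdated client is not reported alongside a burst source.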


I fully support the statement from Andrew; almost no one is providing support for SSLv2/3 or clients without SNI. But if you still want to, at the risk of exposing the data of all your other users, do the SSL test here https://www.ssllabs.com/ssltest/ and adjust your ciphers until compatible with all listed browsers. Ignore the Android 2.x and Java 1.6.x; you will never manage to downgrade your security that much without an endless supply of IPv4 addresses, and it is better to disable HTTPS altogether if you plan to do that. That way at least your users won't be fooled by the assumption that the connection is secure.


On Ubuntu 18.04 and nginx 1.14+... As stated above by @Daniel, "I fully support the statement from Andrew" that "almost no one is providing support for SSLv2/3 or clients without SNI".

If there is a legacy system then that is a firewall issue imho.

What did throw a lot of us for a loop was legacy code, such as includes from the /etc/nginx/custom-name-here/ or /etc/nginx/conf.d/ folders that were added in /etc/nginx/nginx.conf and sites-enabled/example-org. Subsequent upgrades then caused errors, as seen by nginx -t.

I'm not sure I'm articulating this well, but there was a time on 14.04 and 16.04 where we had to manually specify the ciphers. The defaults on more recent versions of NGINX caused redundancy and therefore threw errors. The new nginx cipher defaults, including for certbot/letsencrypt, on 18.04 are much more secure ... but they did require us to remove our custom cert restrictions.

If this is still an issue I recommend you remove (google it first!) letsencrypt and reinstall certbot (https://certbot.eff.org/), and leverage the /etc/nginx/snippets/ folder for includes in your sites-available/sites-enabled folders.