Resolved http/3 supported by plesk?

If someone is faced with an error like
Code:
plesk bin http3_pref --enable -panel -nginx
Execution failed.
Command: pleskrc
Arguments: Array
(
[0] => sw-cp-server
[1] => try-reload
)

Details: Job for sw-cp-server.service failed.
See "systemctl status sw-cp-server.service" and "journalctl -xe" for details.


exit status 1

We have prepared a KB article with a resolution on how to make the control panel available again,
 
Hello,

after running: plesk bin http3_pref --enable -panel -nginx
I got this log:

[2024-05-16 05:27:02.385] 56149:6645c3565ddc2 ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/sslmng' '--protocols=+TLSv1.3'] with exit code [1]
sslmng failed: Job for sw-cp-server.service failed.
See "systemctl status sw-cp-server.service" and "journalctl -xe" for details.
ERROR: Command '['/opt/psa/admin/sbin/pleskrc', 'sw-cp-server', 'reload']' returned non-zero exit status 1.

Please, do I need to change some nginx config before running it?

Thanks
 
[2024-05-16 05:27:02.385] 56149:6645c3565ddc2 ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/sslmng' '--protocols=+TLSv1.3'] with exit code [1]

@Leonardo N, could you please post the output of the `plesk version` command and check the output of the command `plesk sbin sslmng --show-config` (c) https://support.plesk.com/hc/en-us/...ons-or-SSL-ciphers-via-CLI-in-Plesk-for-Linux. It seems the issue is that the attempt to enable TLSv1.3 failed.

Alternatively you can open a ticket with Plesk support so the support team can investigate the issue on your server, it could help to solve the issues faster.
 
Hi @AYamshanov , thanks for your help.

About plesk version, I got this:
Product version: Plesk Obsidian 18.0.61.1
OS version: Ubuntu 20.04 x86_64
Build date: 2024/05/14 15:00
Revision: eb6e8f6cb63fcb88cd5e5bf531b40823c2e63c98

And about plesk sbin sslmng --show-config, this JSON:

{
"full": {
"all": {
"dhparams_size": 2048,
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH",
"strong_dh": true,
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"cipher_server_order": true
},
"dovecot": {
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"protocols": [
"TLSv1.2"
]
},
"mail-imap-pop3": {},
"postfix": {
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"protocols": [
"TLSv1.2"
]
},
"autoinstaller": {
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"protocols": [
"TLSv1.2"
]
},
"nginx": {
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"protocols": [
"TLSv1.2"
]
},
"sw-cp-server": {
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"protocols": [
"TLSv1.2"
]
},
"mail-smtp": {},
"apache": {
"ciphers": "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256",
"protocols": [
"TLSv1.3"
]
},
"mail": {
"cert": "/opt/psa/var/certificates/scfgbVRR8",
"certificate": true
},
"proftpd": {
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"protocols": [
"TLSv1.2"
]
}
},
"effective": {
"dovecot": {
"dhparams_size": 2048,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"strong_dh": true,
"protocols": [
"TLSv1.2"
],
"cipher_server_order": true,
"cert": "/opt/psa/var/certificates/scfgbVRR8",
"certificate": true
},
"postfix": {
"dhparams_size": 2048,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"strong_dh": true,
"protocols": [
"TLSv1.2"
],
"cipher_server_order": true,
"cert": "/opt/psa/var/certificates/scfgbVRR8",
"certificate": true
},
"autoinstaller": {
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"protocols": [
"TLSv1.2"
],
"cipher_server_order": true
},
"nginx": {
"dhparams_size": 2048,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"strong_dh": true,
"protocols": [
"TLSv1.2"
],
"cipher_server_order": true
},
"sw-cp-server": {
"dhparams_size": 2048,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"strong_dh": true,
"protocols": [
"TLSv1.2"
],
"cipher_server_order": true
},
"apache": {
"ciphers": "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256",
"protocols": [
"TLSv1.3"
],
"cipher_server_order": true
},
"proftpd": {
"dhparams_size": 2048,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"strong_dh": true,
"protocols": [
"TLSv1.2"
],
"cipher_server_order": true
},
"qmail": {
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH",
"cert": "/opt/psa/var/certificates/scfgbVRR8",
"certificate": true
},
"courier": {
"dhparams_size": 2048,
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH",
"strong_dh": true,
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"cert": "/opt/psa/var/certificates/scfgbVRR8",
"certificate": true
}
}
}

I'm going to open a ticket as you suggested. Thanks
 
The support team solved my problem, the issue was:

Missing TLSv1.3; I installed it and the command works! Thanks for your help!!
 
Could you please share details on how you installed the TLSv1.3?

Sure, in sequence:

ran this:

Code:
plesk bin http3_pref --disable -panel

and

Code:
plesk bin http3_pref --enable -nginx

to enable HTTP/3 only for websites, not Plesk panel

Code:
plesk bin server_pref -u -ssl-protocols 'TLSv1.2 TLSv1.3'

to install TLS

Code:
nginx -t

to check config and then

Code:
plesk bin http3_pref --enable -panel -nginx

to add HTTP3 (it took about 30 seconds)
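
An added example, not part of the original posts and not Plesk's own code: a pre-flight check over `plesk sbin sslmng --show-config` output that reports which HTTP/3-relevant services lack TLSv1.3 in their effective protocol list, the condition behind the failure earlier in this thread. The sample JSON is constructed (trimmed from the first output posted above), and the reading that a per-service `protocols` entry under `full` overrides the `all` list is an assumption drawn from that output.

```python
import json
import sys

REQUIRED = "TLSv1.3"  # QUIC, and therefore HTTP/3, only runs over TLS 1.3
HTTP3_SERVICES = ("nginx", "sw-cp-server")  # names as in the posted output

# Constructed sample: trimmed from the first output in the thread, ciphers omitted.
SAMPLE = json.loads("""
{
  "full": {
    "all": {"protocols": ["TLSv1.2", "TLSv1.3"]},
    "nginx": {"protocols": ["TLSv1.2"]},
    "sw-cp-server": {"protocols": ["TLSv1.2"]},
    "apache": {"protocols": ["TLSv1.3"]}
  },
  "effective": {
    "nginx": {"protocols": ["TLSv1.2"]},
    "sw-cp-server": {"protocols": ["TLSv1.2"]},
    "apache": {"protocols": ["TLSv1.3"]}
  }
}
""")


def services_missing_tls13(config, services=HTTP3_SERVICES):
    """Map each checked service to its effective protocol list when that
    list lacks TLSv1.3 (a service with no effective entry maps to [])."""
    effective = config.get("effective", {})
    missing = {}
    for name in services:
        protocols = effective.get(name, {}).get("protocols", [])
        if REQUIRED not in protocols:
            missing[name] = protocols
    return missing


def overrides_hiding_global(config):
    """Services whose own 'full' section pins protocols without TLSv1.3
    although the global 'all' list includes it (assumed to take precedence)."""
    full = config.get("full", {})
    if REQUIRED not in full.get("all", {}).get("protocols", []):
        return []
    return sorted(
        name
        for name, section in full.items()
        if name != "all"
        and section.get("protocols")
        and REQUIRED not in section["protocols"]
    )


if __name__ == "__main__":
    # Pipe real output in, or run without input to see the sample result.
    config = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    missing = services_missing_tls13(config)
    for name, protocols in missing.items():
        print(f"{name}: effective protocols {protocols} lack {REQUIRED}")
    for name in overrides_hiding_global(config):
        print(f"{name}: per-service protocols override the global list")
    sys.exit(1 if missing else 0)
```

Usage: `plesk sbin sslmng --show-config | python3 check_tls13.py` (the script name is hypothetical); a non-zero exit means at least one checked service cannot negotiate TLS 1.3 yet.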
 
Following this as while I can run the command just fine, for each and every website I'm still seeing it being served by HTTP2.
I also followed the above sequence, but to no avail. Having HTTP3 not show up on multiple servers, in which locally and at host the needed ports have been made open for UDP.

So not sure what I am missing.

For quick reference;

[root@srvtrans-p24 pdtemp]# plesk version

Product version: Plesk Obsidian 18.0.61.1
OS version: AlmaLinux 8.9 x86_64
Build date: 2024/05/14 15:00
Revision: eb6e8f6cb63fcb88cd5e5bf531b40823c2e63c98

[root@srvtrans-p24 pdtemp]# plesk sbin sslmng --show-config
{
"full": {
"all": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH",
"cipher_server_order": true,
"strong_dh": true,
"dhparams_size": 2048
},
"apache": {
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false
},
"nginx": {
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false
},
"mail-imap-pop3": {},
"mail-smtp": {},
"mail": {
"certificate": true,
"cert": "/usr/local/psa/var/certificates/certCEJwrmT"
},
"autoinstaller": {
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false
},
"proftpd": {
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false
},
"sw-cp-server": {
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false
}
},
"effective": {
"apache": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false
},
"nginx": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false,
"strong_dh": true,
"dhparams_size": 2048
},
"autoinstaller": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false
},
"proftpd": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false,
"strong_dh": true,
"dhparams_size": 2048
},
"sw-cp-server": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_server_order": false,
"strong_dh": true,
"dhparams_size": 2048
},
"postfix": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH",
"cipher_server_order": true,
"strong_dh": true,
"dhparams_size": 2048,
"certificate": true,
"cert": "/usr/local/psa/var/certificates/certCEJwrmT"
},
"qmail": {
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH",
"certificate": true,
"cert": "/usr/local/psa/var/certificates/certCEJwrmT"
},
"dovecot": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH",
"cipher_server_order": true,
"strong_dh": true,
"dhparams_size": 2048,
"certificate": true,
"cert": "/usr/local/psa/var/certificates/certCEJwrmT"
},
"courier": {
"protocols": [
"TLSv1.2",
"TLSv1.3"
],
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH",
"strong_dh": true,
"dhparams_size": 2048,
"certificate": true,
"cert": "/usr/local/psa/var/certificates/certCEJwrmT"
}
}
}

[root@srvtrans-p24 pdtemp]# curl -I Foodtruck huren - De lekkerste BBQ en Snacks op Locatie - Food on Tour
HTTP/2 200
server: nginx
date: Thu, 16 May 2024 14:46:08 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.7
strict-transport-security: max-age=63072000; includeSubDomains;preload
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-site
cross-origin-embedder-policy: same-origin
content-security-policy: upgrade-insecure-requests;
x-flying-press-cache: MISS
x-flying-press-source: PHP
cache-control: max-age=0
expires: Thu, 16 May 2024 14:46:07 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains

[root@srvtrans-p24 pdtemp]# curl -I De lekkerste Friet en Snacks op Locatie - Frietje on Tour
HTTP/2 200
server: nginx
date: Thu, 16 May 2024 14:46:30 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.7
strict-transport-security: max-age=63072000; includeSubDomains;preload
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: accelerometer=(*), autoplay=(*), camera=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), midi=(*), payment=(*), display-capture=(*)
x-frame-options: SAMEORIGIN
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
cross-origin-embedder-policy: same-origin
content-security-policy: upgrade-insecure-requests;
x-flying-press-cache: MISS
x-flying-press-source: PHP
cache-control: max-age=0
expires: Thu, 16 May 2024 14:46:30 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
 

I have checked it with `curl` from my laptop, and it seems the server does not respond to the requests over UDP (HTTP/3, QUIC),
Code:
% /opt/homebrew/opt/curl/bin/curl -vDI https://foodontour.nl/ --http3-only
* Host foodontour.nl:443 was resolved.
* IPv6: (none)
* IPv4: 93.119.2.12
*   Trying 93.119.2.12:443...
* connection closed by idle timeout
* connect to 93.119.2.12 port 443 failed: Failed sending data to the peer
* Failed to connect to foodontour.nl port 443 after 120013 ms: Failed sending data to the peer
* Closing connection
curl: (55) connection closed by idle timeout
Code:
% sudo tcpdump -ni en0 -c 100 udp and port 443
Password:
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on en0, link-type EN10MB (Ethernet), snapshot length 524288 bytes
18:12:39.871587 IP 10.0.0.1.58152 > 93.119.2.12.443: quic, initial, dcid 2745fe4cc8c39519cf646604f9d10520, scid bc17fcd61fc8fb71c11716b14435d54e105d4f98, length 272
18:12:40.875016 IP 10.0.0.1.58152 > 93.119.2.12.443: quic, initial, dcid 2745fe4cc8c39519cf646604f9d10520, scid bc17fcd61fc8fb71c11716b14435d54e105d4f98, length 272
18:12:42.878461 IP 10.0.0.1.58152 > 93.119.2.12.443: quic, initial, dcid 2745fe4cc8c39519cf646604f9d10520, scid bc17fcd61fc8fb71c11716b14435d54e105d4f98, length 272
18:12:42.878518 IP 10.0.0.1.58152 > 93.119.2.12.443: quic, initial, dcid 2745fe4cc8c39519cf646604f9d10520, scid bc17fcd61fc8fb71c11716b14435d54e105d4f98, length 21
18:12:46.881339 IP 10.0.0.1.58152 > 93.119.2.12.443: quic, initial, dcid 2745fe4cc8c39519cf646604f9d10520, scid bc17fcd61fc8fb71c11716b14435d54e105d4f98, length 272
18:12:46.881392 IP 10.0.0.1.58152 > 93.119.2.12.443: quic, initial, dcid 2745fe4cc8c39519cf646604f9d10520, scid bc17fcd61fc8fb71c11716b14435d54e105d4f98, length 21
^C
6 packets captured
179 packets received by filter
0 packets dropped by kernel

As you can see, there are only requests to 93.119.2.12 and no answers from 93.119.2.12. I think you need to check firewall rules (on a server, and external firewall on a cloud provider level if applicable).
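
An added example, not part of the original post: the capture reading above, automated. It parses `tcpdump -n` text output for UDP port 443 and returns the client flows that sent packets to the server and received nothing back, which is the signature of QUIC being dropped on the path. The capture lines are constructed (documentation addresses, IPv4 only), and the function name is hypothetical.

```python
import re
import sys
from collections import Counter

# Matches numeric (-n) IPv4 lines such as:
# 18:12:39.871587 IP 192.0.2.10.58152 > 198.51.100.7.443: quic, initial, ...
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): ")

# Constructed sample: one flow that is never answered, one that is.
SAMPLE = """\
18:12:39.871587 IP 192.0.2.10.58152 > 198.51.100.7.443: quic, initial, length 272
18:12:40.875016 IP 192.0.2.10.58152 > 198.51.100.7.443: quic, initial, length 272
18:12:42.878461 IP 192.0.2.10.58152 > 198.51.100.7.443: quic, initial, length 272
18:13:01.100000 IP 192.0.2.10.58200 > 203.0.113.9.443: quic, initial, length 272
18:13:01.140000 IP 203.0.113.9.443 > 192.0.2.10.58200: quic, initial, length 1200
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
""".splitlines()


def unanswered_flows(lines, port=443):
    """Return {(client_ip, client_port, server_ip): packets_sent} for flows
    towards `port` that saw no packet coming back from the server."""
    sent, received = Counter(), Counter()
    for line in lines:
        match = LINE.match(line.strip())
        if not match:
            continue  # banner lines, IPv6, anything not in the expected shape
        src, sport, dst, dport = match.groups()
        sport, dport = int(sport), int(dport)
        if dport == port:
            sent[(src, sport, dst)] += 1        # client -> server
        elif sport == port:
            received[(dst, dport, src)] += 1    # server -> client
    return {flow: count for flow, count in sent.items() if received[flow] == 0}


if __name__ == "__main__":
    # Pipe a capture in, or run without input to see the sample result.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin.read().splitlines()
    flows = unanswered_flows(lines)
    for (client, cport, server), count in flows.items():
        print(f"{client}:{cport} -> {server}:443 sent {count}, got 0 replies")
    sys.exit(1 if flows else 0)
```

Run the capture on the client and on the server at the same time: packets that leave the client and never show up in the server-side capture point to an external firewall, while packets that arrive but get no reply point to the host firewall or to nginx not listening on UDP 443.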
 