I have fixed this. I'm running nginx in centos. After upgrading to the following...

nginx version: nginx/1.16.0 (packages.exove.com: SSE2, openssl-1.1.1c, PCRE JIT, TCP Fast Open)
built by gcc 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)
built with OpenSSL 1.1.1c 28 May 2019
TLS SNI support enabled

and using the cipherlist from https://cipherli.st/

ssl_protocols TLSv1.2 TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

This worked as expected.

My guess is the letencrypt docker container is running nginx but an other version compiled with an older openssl version. I'd look at getting this upgraded.

Just wanted to add to this. I experienced this error and my nginx error logs had loads of these errors

Code: Select all

SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking

The specific fix is related to the cipher suit used. I changed mine to this and now it works (works with plex).

Code: Select all

Thanks chriscolden for posting the config.