ntopng fails with letsencrypt ECC certificates
Configuring ntopng to use letsencrypt certificates (via the Acme package) works with default RSA 2048 bit certificates. However if the certificate is configured with a 384 bit ECDSA certificate the ntopng server returns a Handshake error to all web browsers trying to connect. While the work-around to use RSA certificates isn't horrible, finding the source of the error is relatively difficult. I've seen the error reported on the web in a number of places with no resolution (google ntopng "ERR_SSL_VERSION_OR_CIPHER_MISMATCH") and only one relatively hidden reference from a year and a half ago that led to a solution. (https://forum.netgate.com/topic/116404/ntopng-and-let-s-encrypt-certificates) I didn't see an open bug report for this.
Updated by Jim Pingle over 1 year ago
- Status changed from New to Resolved
If it works on the latest ntopng then it's already been fixed upstream. It may also be fixed by the newer OpenSSL on 2.5.0. Either way there is nothing to do here, those changes have already been implemented in master.