Roger

Hello I solved the problem on my server. The following is what I could get out of this experience. In the case one has a recent linux version, just as in my case in which I had Almalinux 9.5, then updated to 9.6 (Sage Margay), and a CWP pro recent version, mine now is 0.9.8.1204, there is no need to compile Nginx and other components. Just in case before starting check if your Nginx, openssl, apache are compiled to support http2, maybe http3, and TLSv1.3, if they are you are good to proceed. Next step is to create proper templates for the webservers (nginx in particular if you use it as reverse proxy) as described by Sandeep (thank you Sandeep for the help, very appreciated in the years!) While you do this you also might want to add security directives and options, that depends on your needs Then rebuild your host and vhost configurations, check that all nginx conf files so generated are correct and reflecting your choices (if they do not you have some mistake in your templates, adjust and check, eventually later on fix your templates too). In latest nginx builds the use of the directive (here with variables as seen in the nginx conf templates in CWP) listen %ip%:%nginx_port% ssl %http2%; is deprecated use the following instead listen %ip%:%nginx_port% ssl; %http2% on; In your generated conf files will look like this: listen 123.123.1231233:443 ssl; http2 on; Check in your nginx conf files of the host and vhosts that all lines telling ssl_protocols do have both TLSv1.2 and TLSv1.3 stated, as follows: ssl_protocols TLSv1.2 TLSv1.3; When done in a terminal check nginx configuration running nginx -t If OK without errors restart nginx service (either form cwp or terminal) I am not sure that changing host name as suggested in previous post from TheHolbi is always necessary, however if checking your website for TLSv1.3 (e.g. against qualys website, or in your terminal) you get errors, try "change hostname" in CWP, in reality you do not really need to actually change the name of your host, you just need to click the button so to have all rebuilt and a new certificate generated, if you want to improve your host security you can chose the 4096 bit key, this will increase computation and some traffic, but this is not truly going to affect all of your server (as far as I understood... I should dig more on that). In conclusion if you have CWP Pro (maybe also the fre one, I do not know as I did not try it) on Alamlinux 9.6 everything is already good to go, you just need to tell the server to use TLSv1.3 That's all folks. Thank you again for all the help published here and other websites, special thanks to Sandeep again. Bye.

Hello I do have cwp pro updated to latest version as of april 2025, updated almalinux 9.5 , Apache/2.4.62 + nginx 1.28.0, php-fpm, also I forced use of https http2 I have tried to add use of tls 1.3 following this of the last post in this thread: "The solution of TLSv1.3 in AlmaLinux 9.5 with CWP Pro was reinstall hostname certificates (for all services) in the Change Hostname menu with 4096 size key. After then all issue was resolved, and the TLSv1.3 check was pass in both way, from terminal and from browser also. Of course in all templates and Nginx config files was changed the setting to ssl_protocols TLSv1.2 TLSv1.3;" I did not notice errors, but does not work. Am I missing something? Thank you in advance for any help.