IOS 11 devices do not have access to the https nginx site protected by LetsEncrypt (protocol error)

Question

IOS 11 devices do not have access to the https nginx site protected by LetsEncrypt (protocol error)

Since after a couple of days, users who have just upgraded to iOS 11 can’t access my site. It was hosted through the nginx reverse proxy, which uses LetsEncrypt to provide SSL.

The customer’s experience is that when you click on a link, usually the safari window simply disappears or a general error is displayed.

Using the debugger, an error appears: [Error [Failed to load resource: operation could not be completed. Protocol error

This only happens with iOS devices since upgrading to iOS 11.

My server runs on DigitalOcean with a jwilder / nginx-proxy docker image .

+4

docker https nginx lets-encrypt ios11

Dominik Fretz Oct 21 '17 at 18:51

source share

1 answer

Dominik Fretz · Answer 1 · 2017-10-21T18:51:09+0000

Well, I really found that the problem is due to the incorrect implementation of HTTP2 in iOS11.

This post shed light on the situation: http://www.essential.exchange/2017/09/18/ios-11-about-to-release-things-to-be-aware-of/

The docker image jwilder / nginx-proxy uses http2 by default , and as far as I can see, you cannot change this either.

No, to solve the problem, delete the http2 keyword in your server configuration.

It:

server {
  listen x.x.x.x:443 ssl http2;
  server_name xxxx;
  [...]
}

becomes:

server {
  listen x.x.x.x:443 ssl;
  server_name xxxx;
  [...]
}

If you use jwilder / nginx-proxy, you will also have to change /app/nginx.tmpl, otherwise the configuration file will be overwritten at one point.

, . , , . , , .

IOS 11 devices do not have access to the https nginx site protected by LetsEncrypt (protocol error)

More articles: