Do we need SSL Certificate on both Firewall and WAF for inbound traffic?

We have a website hosted behind WAF(FortiWeb)and Firewall(FortiGate). The WAF already has the server valid SSL Certificate . Do we need to install SSL certificate on Firewall also to make it more secure ?

From $0.49/month, US Shared Hosting, Fast, Reliable, Professional Service, Free SSL, Instant Setup


Lite Web Hosting is a PROFESSIONAL and RELIABLE shared hosting provider. Our servers have FIRST CLASS hardware quality and are managed by skillful technical staffs.

You can rest assured that websites on our servers have practically zero down time, since our 24/7 monitoring system triggers alerts immediately if any server starts behaving abnormally.

Our support staffs are available ALL THE TIME to promptly assist any customer and any problem.

We own our web servers, which helps to resolve problems for our customers the fastest possible and at any level of management. We can also instantly install custom software if requested by customers.

If you are looking for a long term, reliable, and professional shared hosting server, do give us a try. We have 30-day money back policy applied to all customers. You are absolutely safe when signing up with us.

Our latest shared hosting offers:

LITE 1

Disk Space: 1 GB

Subdomain: Unlimited

Addon domain: Unlimited

Bandwidth: Unlimited

MySQL: Unlimited

Email: Unlimited

$0.69/month YEARLY

$0.59/month BIENNIALLY

$0.49/month TRIENNIALLY
Order this hosting plan in Illinois, Chicago or Order this hosting plan in Washington DC or Order this hosting plan in New York

——————–

LITE 2

Disk Space: 2 GB

Subdomain: Unlimited

Addon domain: Unlimited

Bandwidth: Unlimited

MySQL: Unlimited

Email: Unlimited

$1.1/month YEARLY

$0.84/month BIENNIALLY

$0.7/month TRIENNIALLY
Order this hosting plan in Illinois, Chicago or Order this hosting plan in Washington DC

——————–

LITE 3

Disk Space: 4 GB

Subdomain: Unlimited

Addon domain: Unlimited

Bandwidth: Unlimited

MySQL: Unlimited

Email: Unlimited

$1.68/month YEARLY

$1.22/month BIENNIALLY

$0.98/month TRIENNIALLY
Order this hosting plan in Illinois, Chicago or Order this hosting plan in Washington DC

About SSL | Web Hosting Talk


HELLO! guys,

actually, I wanna lovely just be a ‘Reseller SSL’, is it possible ?

if is it yes!, give me short information about that https://www.webhostingtalk.com/

if it’s Nothttps://www.webhostingtalk.com/, don’t tire yourself for written

CHEERS!,

I WISH TO YOU HAVE A GOOD SUCCESSFULLY WORKING, BIG HART BIG LOVELY

BYE!

ssl – converting nginx from http to https

i am hosting a website on aws lighsail server. it is single server and i am running 4 docker container on it. 1-nginx , 2-node js, 3- spring bot, 4 – mysql.

As for now my website is loading great with this :

    server {
    listen       80;
    server_name  *.example.com;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;
    client_max_body_size 100M;
    location / {
        proxy_pass http://cahub-client:4000;
    }

    location /api {
        rewrite /api/(.*) /$1  break;
        proxy_pass http://microservice:8080;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

I have purchased ssl certificate from goddady, and now installing on my server.

server {
    listen 80 default_server;
    listen (::):80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
    }

server {
    listen 443 ssl;
    server_name  *.domain.com;
    
    ssl_certificate /etc/nginx/certs/cae51a61335308544.pem;
    ssl_certificate_key /etc/nginx/certs/www.eaxmple.com.key;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;
    client_max_body_size 200M;
    location / {
        proxy_pass http://cahub-client:4000;
    }

    location /api {
        rewrite /api/(.*) /$1  break;
        proxy_pass http://microservice:8080;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

So what is happening here is now. that when i type my domain in url it goes and redirect to https but only angular client location block is getting run which is my frontend. but whenever a call from frontend to backend is made. it should also go to my reverse proxy block /api.. this is not reolvong instead getting an error mixedcontext found. when i see in network tab. My frontend call is going as https://example.com but my backend call is going as earlier http://example.com/api/.

£3.59/year ★ UK, EU, NL, US, SG, AU ★ NVMe/SSD ★ CloudLinux ★ Softaculous ★ LiteSpeed ★ Free SSL ★

SmallWeb Ltd is a UK company established with the aim of providing affordable low-cost web hosting without drawbacks in service quality. We implement efficient cost-cutting strategies to ensure we can maintain an increasing profit whilst also passing the savings on to our customers.

SmallWeb is our DirectAdmin hosting brand offering managed web hosting using DirectAdmin, CloudLinux, Softaculous and Let’s Encrypt SSL on high grade servers with NVMe or SSD storage. Members from WHT are eligible for a 10% recurring discount for life! Use the code WHT10.

We are a UK based company but with a global reach with locations in 8 different countries.

• Amsterdam, EU (AMD, SSD)

• Germany, EU (AMD, NVMe)

• Los Angeles, US (AMD, NVMe)

• Luxembourg, EU (Intel, SSD)

• London, UK (Intel, NVMe)

• Melbourne, AU (Intel, NVMe)

• New York, US (Intel, SSD)

• Singapore, AS (Intel, NVMe)

All of our DirectAdmin hosting plans include:

• FULL Server Management

• NVMe or SSD Storage

• DirectAdmin Control Panel

• Daily Backups (Remote)

• DirectAdmin DNS Management

• Free Softaculous App Installer

• Free Let’s Encrypt SSL

• Free Website Migration

• Unlimited MySQL Databases

• Unlimited Email Accounts

• Unlimited FTP Accounts

• Online Roundcube Webmail

• PHP Version Selector

• 99.9% Uptime Guarantee

• 30 Day Refund Policy

• Python App Supported

• Nodejs App Supported

We accept payment via PayPal, Cryptocurrency (Coinpayments.net) and UK Bank Transfer.

SmallWeb ½GB

– ½GB Dedicated NVMe/SSD

– 100GB Monthly Bandwidth

– Host Up To 5 Domain Names

£3.59/year With Code: WHT10

Amsterdam | Germany | Los Angeles | Luxembourg | London | Melbourne | New York | Singapore

SmallWeb 1GB

– 1GB Dedicated NVMe/SSD

– 250GB Monthly Bandwidth

– Host Up To 10 Domain Names

£6.29/year With Code: WHT10

Amsterdam | Germany | Los Angeles | Luxembourg | London | Melbourne | New York | Singapore

SmallWeb 2GB

– 2GB Dedicated NVMe/SSD

– 500GB Monthly Bandwidth

– Host Up To 20 Domain Names

£8.99/year With Code: WHT10

Amsterdam | Germany | Los Angeles | Luxembourg | London | Melbourne | New York | Singapore

Have a question? Email us at help @ smallweb.net and a member of our team will be in touch.

SmallWeb Ltd. Company Number 12272693.

£3.99/month ★ UK, EU, NL, US, AU ★ NVMe/SSD ★ CloudLinux ★ Softaculous ★ LiteSpeed ★ Free SSL ★


SmallWeb Ltd is a UK company established with the aim of providing affordable low-cost web hosting without drawbacks in service quality. We implement efficient cost-cutting strategies to ensure we can maintain an increasing profit whilst also passing the savings on to our customers.

SmallWeb is our DirectAdmin hosting brand offering managed web hosting using DirectAdmin, CloudLinux, Softaculous and Let’s Encrypt SSL on high grade servers with NVMe or SSD storage.

We are a UK based company but with a global reach with locations in 8 different countries.

• Amsterdam, EU (AMD, SSD)

• Germany, EU (AMD, NVMe)

• Los Angeles, US (AMD, NVMe)

• Luxembourg, EU (Intel, SSD)

• London, UK (Intel, NVMe)

• Melbourne, AU (Intel, NVMe)

• New York, US (Intel, SSD)

• Singapore, AS (Intel, NVMe)

All of our DirectAdmin hosting plans include:

• FULL Server Management

• NVMe or SSD Storage

• DirectAdmin Control Panel

• Daily Backups (Remote)

• DirectAdmin DNS Management

• Free Softaculous App Installer

• Free Let’s Encrypt SSL

• Free Website Migration

• Unlimited MySQL Databases

• Unlimited Email Accounts

• Unlimited FTP Accounts

• Online Roundcube Webmail

• PHP Version Selector

• 99.9% Uptime Guarantee

• 30 Day Refund Policy

Reseller 10GB

– 10GB Dedicated NVMe/SSD

– Unmetered Monthly Bandwidth

– Host Unlimited Domain Names

£3.99/month – Order Now!

Reseller 20GB

– 20GB Dedicated NVMe/SSD

– Unmetered Monthly Bandwidth

– Host Unlimited Domain Names

– Free Blesta Branded License

£6.99/month – Order Now!

Reseller 30GB

– 30GB Dedicated NVMe/SSD

– Unmetered Monthly Bandwidth

– Host Unlimited Domain Names

– Free Blesta Branded License

£9.99/month – Order Now!

Have a question? Email us at help @ smallweb.net and a member of our team will be in touch.

SmallWeb Ltd. Company Number 12272693.

[WTS] Get DigitalServer.com.mx Quality Servers & SSL Certificates in Mexico!

DigitalServer.com.mx is leading web hosting provider in Mexico now offering powerful dedicated services, secure SSL Certificates. You will receive super fast hosting along with real Mexican Ips as well as helpful professional customer and tech support team who work 24/7.

Our team offer nice Certificados SSL en Mexico, check out our Secure SSL Certificates:

==>> Comodo Positive SSL Certificate:
Validacion de Dominio
Soporte con www y sin www al mismo tiempo
Emision en 5 Minutos
$10,000 USD de Seguro
Re-emision sin costo
SHA2 y ECC
Sello Estatico
ORDER NOW – $700.00/MXN yearly

==>> Besides, we are happy to offer these SSLs:
– Rapid SSL
– Comodo PositiveSSL Wildcard
– Rapid SSL Wildcard
– Geotrust Quick SSL Premium
– Geotrust True BusinessID
– Symantec Secure Site
– Geotrust True BusinessID Wildcard

FOR MORE Details, follow this LINK: https://www.digitalserver.com.mx/certificados-ssl.shtml

We are happy to announce our NEW Servidores Dedicados!!!

Servidores Dedicados Premium
Super servers for applications and websites

Premium Servidores Dedicados under linux or Windows, DigitalServer atmosphere, offers you a range of low-cost servers with 100% internet connectivity and Premium support. If you wish to have autonomy and full access to your server, dedicated servers in Mexico are an excellent choice and opportunity, as the existence is limited.

Servidor Dedicado DSM-1
Processor – Intel C2350 2 Cores a 1.70GHz
RAM – 4 GB
Serial ATA hard drive – 1 TB
Including IP?s – 1 IP Fija
Uptime 100%
Rent monthly $1,850.00 MXN
ORDER

Servidor Dedicado DSM-2
Processor – Intel C2750 8 Cores a 2.40GHz
RAM – 16 GB
Serial ATA hard drive 1 TB
Including IP?s 2
Uptime 100%
Rent monthly $2,250.00 MXN
ORDER

Servidor Dedicado DSM-3
Processor – Intel Xeon W3520 4 Cores a 2.66+ Ghz
RAM – 32 GB
Serial ATA hard drive – 2×2 TB en Raid 1
Including IP?s – 2 IPs Fijas
Uptime 100%
Rent monthly $2,495.00 MXN
ORDER

Take a look at Digitalserver.com.mx Servidores Dedicados en Mexico:

Servidor Dedicado en Mexico DS-1A
Processor – Intel Core i3/Core 2 Duo 3.06 Ghz + 4 MB Cache
RAM – 4 GB
Serial ATA hard drive – 1 TB
Including IP?s – 1 IP Fija Mexicana
Uptime 100%
Rent monthly $3,450.00 MXN
ORDER

Servidor Dedicado en Mexico DS-2B
Processor – Intel Single Xeon E3110 3.0ghz L2 cache 6MB
RAM – 6 GB
Serial ATA hard drive – 1 TB
Including IP?s – 1 IP Fija Mexicana
Uptime 100%
Rent monthly $4,640.00 MXN
ORDER

Servidor Dedicado en Mexico DS-3C
Processor – Intel Core2Quad Yorkfield 2.83GHZ 12Mb L2 Cache
RAM – 8 GB
Serial ATA hard drive – 1 TB
Including IP?s – 1 IP Fija Mexicana
Uptime 100%
Rent monthly $5,795.00 MXN
ORDER

We are accepting PaymentWall as method of payment: https://www.paymentwall.com/
And payments from 192 countries, some of that are local payments.

If you have any question – feel free to contact our sales team!

.

[LA/ATL/NL] IOFort Super Fast SSD Hosting ⚡ 20% OFF $1.42/m ✔️ DDoS-Protected ✔️ LSCache ✔️ Free SSL


Why IOFort?
IOFort SSD Web Hosting started providing “private” hosting services to web development clients in 2012. In late 2017, we started IOFort in order to provide the same hosting services that we provide to our already existing dev clients. Members of our team have years of experience in hosting and we know what it takes to run a solid hosting service.

*** WHT DISCOUNT! ***

20% off for life on any shared hosting plan, any billing cycle: 20R

Main Features:

  • Pure SSD for maximum performance
  • cPanel-powered
  • LiteSpeed Web Server with LSCache
  • CloudLinux
  • FREE SSL Certificatess
  • LSCache for WordPress – ULTRA FAST WordPress sites!
  • Softaculous One-click Script Installer
  • MailChannels
  • Imunify360 Site Protection
  • Acronis Automated Backups
  • PHP selector
  • 100% WordPress/Joomla/Drupal compatible
  • 99.9% uptime guarantee backed by SLA
  • Up to 10Gb/s DDoS protection
  • 24/7 online tech support (ticket system)
  • Server locations: Los Angeles, CA, USA | Atlanta, Georgia, USA | Rotterdam, Netherlands

SSD Web Hosting Plans:

(NEW!!) Static Plan
Don’t pay for what you don’t need! Need email hosting only? HTML site hosting only? Or maybe a combination of both? This new plan is great for those who just need space for their static sites and email. We provide the same level of service, same server features. For a much lower price you’ll get everything we offer except databases.

Note: if you need hosting for WordPress or any other database-driven site, scroll down below for our plans with databases

  • 10GB Disk Space
  • Unlimited Bandwidth
  • Unlimited Domains
  • Unlimited Emails
  • NO Databases
  • FREE SSL Certificates

Pricing: as low as $1.42/mo with discount (triennial billing) | use code 20R for 20% off for life
Order Static Plan (Los Angeles) | Order Static Plan (Atlanta) | Order Static Plan (Rotterdam, NL)

================

Basic Plan

  • 10GB Disk Space
  • Unlimited Bandwidth
  • Unlimited Domains
  • Unlimited Emails
  • Unlimited Databases
  • FREE SSL Certificates

Pricing: as low as $1.96/mo with discount (triennial billing) | use code 20R for 20% off for life
Order Basic Plan (Los Angeles) | Order Basic Plan (Atlanta) | Order Basic Plan (Rotterdam, NL)

================

Plus Plan

  • 20GB Disk Space
  • Unlimited Bandwidth
  • Unlimited Domains
  • Unlimited Emails
  • Unlimited Databases
  • FREE SSL Certificates

Pricing: as low as $2.80/mo with discount (triennial billing) | use code 20R for 20% off for life
Order Plus Plan (Los Angeles) | Order Plus Plan (Atlanta) | Order Plus Plan (Rotterdam, NL)

================

Pro Plan

  • Unlimited Disk Space
  • Unlimited Bandwidth
  • Unlimited Domains
  • Unlimited Emails
  • Unlimited Databases
  • FREE SSL Certificates

Pricing: as low as $4.20/mo with discount (triennial billing) | use code 20R for 20% off for life
Order Pro Plan (Los Angeles) | Order Pro Plan (Atlanta) | Order Pro Plan (Rotterdam, NL)

Payment methods: PayPal, credit card

================

Real reviews from real customers, taken from their blog posts or feedback directly submitted to us:

I have been hosted for well over a year now, and not a single instance of interruption. My cartoons and cartoon services can quickly be found on the web via simple keyword phrases and am very pleased with the performance of my pages opening and with the personalized tech support I receive when I have questions. I give them more than two thumbs up!



I’m new to hosting & CPanel – whenever I’ve needed help your response has been great I’ll certainly recommend you.

I became a client last black Friday so it’s only been a little over two months. My usage is quite low, just two domains, one for email and the other a mostly-defunct blog. My experience so far has been very good. I have not had any problems with responsiveness: The service is great and the one support ticket I submitted was quickly resolved. Communications have been good and I’m well-pleased all around, so far.

I must say I’m pretty happy about you guys.

… Things are going fine. Hosting service has been good, very responsive to tickets and exactly what I was looking for.

… tech support can be much more “personal” where I receive a good amount of help from one of their people whenever I have in-depth questions or even doing a blog post or building a new page.

Any questions, feel free to contact us.

Thank you!

Unlimited domains – 25 GB – Free SSL – Softaculous $ 1.99 /mo


– Unlimited accounts

– Unmetered Bandwidth

– Unlimited Domains

– Unlimited Sub-Domains

– Unlimited emails

– POP/IMAP/SMTP/Webmail

– SSL Certificate

– Adult Hosting Allowed

– Softaculous

– 24/7/365 Support

– Unlimited MySQL DB

– DirectAdmin CP

– Multiple PHP Versions

25 GB $ 1.99 month order here

US DATACENTER – ST. LOUIS

SILICOM NETWORK
https://www.silicomnetwork.com

ssl – ProFTPD – TLS – Client does not support any cipher

I am running Ubuntu Server 20.04 and proftpd 1.36 and have an issue setting up TLS.

I have followed the guide in the config file, but I get a very odd error. That there is no supported cipher. And then the process breaks with a handshake error. The SSL clienthello message includes a lot of ciphers that is recognised, and that is on the machine.

TLS log:

2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL sessions attempted: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL sessions established: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL sessions renegotiated: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL sessions resumed: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL sessions in cache: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL session cache hits: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL session cache misses: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL session cache timeouts: 0
2020-06-29 18:16:30,457 mod_tls/2.7(87378): (stat): SSL session cache size exceeded: 0
2020-06-29 18:16:35,242 mod_tls/2.7(87910): TLSOption EnableDiags enabled, setting diagnostics callback
2020-06-29 18:16:35,245 mod_tls/2.7(87910): error initializing OpenSSL context for this session
2020-06-29 18:16:35,247 mod_tls/2.7(87910): TLS/TLS-C requested, starting TLS handshake
2020-06-29 18:16:35,247 mod_tls/2.7(87910): (info) (unknown): before SSL initialization
2020-06-29 18:16:35,247 mod_tls/2.7(87910): (info) accepting: before SSL initialization
2020-06-29 18:16:35,247 mod_tls/2.7(87910): (info) accepting: before SSL initialization
2020-06-29 18:16:35,255 mod_tls/2.7(87910): (msg) received protocol record message (5 bytes)
2020-06-29 18:16:35,255 mod_tls/2.7(87910): (info) accepting: before SSL initialization
2020-06-29 18:16:35,255 mod_tls/2.7(87910): (msg) received TLSv1.3 'ClientHello' Handshake message (368 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (msg)
ClientHello:
  client_version = TLS 1.2
  random:
    gmt_unix_time = Thu Oct 20 14:46:18 1904 (not guaranteed to be accurate)
    random_bytes (28 bytes)
      5820ebe66e5afa9ec7d9cfc5d69fd7b97698ba054091bd338c918587
  session_id (0 bytes)
  cipher_suites (58 bytes)
    TLS_AES_256_GCM_SHA384
    TLS_CHACHA20_POLY1305_SHA256
    TLS_AES_128_GCM_SHA256
    (unknown/unsupported)
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    (unknown/unsupported)
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    (unknown/unsupported)
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    (unknown/unsupported)
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (unknown/unsupported)

    TLS_RSA_WITH_AES_256_CBC_SHA
    (unknown/unsupported)
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA
    (unknown/unsupported)
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    (unknown/unsupported)
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    (unknown/unsupported)
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    (unknown/unsupported)
  compression_methods (1 byte)
    None
  extensions (265 bytes)
    extension_type = status_request (5 bytes)
    extension_type = elliptic_curves (22 bytes)
    extension_type = ec_point_formats (2 bytes)
    extension_type = signature_algorithms (34 bytes)
    extension_type = encrypt_then_mac (0 bytes)
    extension_type = extended_master_secret (0 bytes)
    extension_type = session_ticket (0 bytes)
    extension_type = key_share (139 bytes)
    extension_type = supported_versions (9 bytes)
    extension_type = renegotiate (1 byte)
    extension_type = psk_kex_modes (3 bytes)
    extension_type = (unknown/unsupported) (2 bytes)

2020-06-29 18:16:35,256 mod_tls/2.7(87910): (msg) sent protocol record message (5 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (msg) sent TLSv1.2 fatal 'handshake_failure' Alert message (2 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (info) writing: SSL/TLS alert fatal: handshake failure
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (info) accepting: error
2020-06-29 18:16:35,256 mod_tls/2.7(87910): unable to accept TLS connection: protocol error:
  (1) error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
2020-06-29 18:16:35,256 mod_tls/2.7(87910): unable to accept TLS connection: client does not support any cipher from 'TLSCipherSuite DEFAULT:!ADH:!EXPORT:!DES' (see `openssl ciphers DE>
2020-06-29 18:16:35,256 mod_tls/2.7(87910): TLS/TLS-C negotiation failed on control channel
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL sessions attempted: 1
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL sessions established: 0
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL sessions renegotiated: 0
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL sessions resumed: 0
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL sessions in cache: 0
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL session cache hits: 0
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL session cache misses: 0
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL session cache timeouts: 0
2020-06-29 18:16:35,256 mod_tls/2.7(87910): (stat): SSL session cache size exceeded: 0

Output of openssl

openssl ciphers -v 'DEFAULT:!ADH:!EXPORT:!DES'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA384
RSA-PSK-AES256-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
PSK-AES256-CBC-SHA384   TLSv1 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA384
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
RSA-PSK-AES128-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256
PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1

As you can see there is plenty of matching ciphers. So why do I get this error??

———– Bonus info———-
I have tried changing the Cipher to a single cipher, to every cipher, still same error.
I have tried changing the protocol, still same error.
Google has not helped me find a solution, all errors seems to be with actual missing certificates, or not related.
proftpd tls config for completions sake:

#
# Proftpd sample configuration for FTPS connections.
#
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
# for more information.
#

<IfModule mod_tls.c>
TLSEngine                               on
TLSLog                                  /var/log/proftpd/tls.log
TLSProtocol                             SSLv23
#
# Server SSL certificate. You can generate a self-signed certificate using 
# a command like:
#
# openssl req -x509 -newkey rsa:1024 
#          -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt 
#          -nodes -days 365
#
# The proftpd.key file must be readable by root only. The other file can be
# readable by anyone.
#
# chmod 0600 /etc/ssl/private/proftpd.key 
# chmod 0640 /etc/ssl/private/proftpd.key
# 
TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
#
# CA the server trusts...
#TLSCACertificateFile            /etc/ssl/certs/CA.pem
# ...or avoid CA cert and be verbose
TLSOptions                      NoCertRequest EnableDiags 
# ... or the same with relaxed session use for some clients (e.g. FireFtp)
#TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
#
#
# Per default drop connection if client tries to start a renegotiate
# This is a fix for CVE-2009-3555 but could break some clients.
#
#TLSOptions                             AllowClientRenegotiations
#
# Authenticate clients that want to use FTP over TLS?
#
#TLSVerifyClient                         off
#
# Are clients required to use FTP over TLS when talking to this server?
#
TLSRequired                             auth
#
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations.  Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate                          required off
</IfModule>