Please Use Intermediate config: https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&ocsp=false Right now it's a bit outdated: centminmod/centminmod