This repository was archived by the owner on Jul 28, 2021. It is now read-only.

Weak Diffie-Hellman key exchange parameters #8

Open
mrplow opened this issue Mar 25, 2016 · 4 comments

Comments

@mrplow

mrplow commented Mar 25, 2016

ssllabs.com:

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.

jwilder/nginx-proxy supports openssl generated DH key groups
https://github.com/jwilder/nginx-proxy#diffie-hellman-groups

VIRTUAL_HOST=foo.bar.com should have a foo.bar.com.dhparam.pem

JrCs/docker-letsencrypt-nginx-proxy-companion's build generates one on the first start
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/blob/master/app/entrypoint.sh

function check_dh_group {
    if [[ ! -f /etc/nginx/certs/dhparam.pem ]]; then
        echo "Creating Diffie-Hellman group (can take several minutes...)"
        openssl dhparam -out /etc/nginx/certs/.dhparam.pem.tmp 2048
        mv /etc/nginx/certs/.dhparam.pem.tmp /etc/nginx/certs/dhparam.pem || exit 1
    fi
}

Along with the above, editing ssl.tmpl to symlink dhparam.pem to foo.bar.com.dhparam.pem would also be needed. But I'm not skilled enough in git to create a PR.

@mrplow
Author

mrplow commented Mar 30, 2016

Hmmm, I'm not getting this anymore, it's working fine...

No change to anything, seems to have fixed itself over the last few days.

Edit: oh yeah, I generated my own DH and moved it to the certs folder, ha ha

@sopitz
Contributor

sopitz commented Mar 30, 2016

Thanks for letting us know! We will also look into why it took so long. Actually there should be a string DH group in there, but I'll take a look whether we can use your code to enhance our image.

@tkaefer

tkaefer commented Apr 12, 2016

I've run into the same ssllabs.com thingy. So it would be nice to get DH param for this setup here. I would really appreciate this. Thanks

@petebytes

I just encountered the same issue - "this server supports weak Diffie-Hellman" using SSL Labs.
Running on Ubuntu 16.04 installed using easy engine --letsencrypt
