Phanix

Just writing

apache2 with letsencrypt certbot disable TLS 1.0 and TLS 1.1

Because of security issues, many browsers have begun dropping support for TLS 1.0 and TLS 1.1. Details can be found here.

When you use certbot to install an SSL certificate issued by Let's Encrypt and then check the site at https://www.ssllabs.com/, it is graded B because the server still supports these two TLS versions.

However, even if you open the apache2 SSL settings (on Ubuntu 18.04, /etc/apache2/mods-enabled/ssl.conf) and turn off TLSv1 and TLSv1.1 in SSLProtocol, the ssllabs check still gives the same result. The reason is that the site config also contains this line:

 Include /etc/letsencrypt/options-ssl-apache.conf

So the file that really needs to change is /etc/letsencrypt/options-ssl-apache.conf: turn off TLSv1 and TLSv1.1 in its SSLProtocol line.

 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
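
The fix above depends on finding every file that sets SSLProtocol, not just ssl.conf. The following is an added example, not part of the original post: it lists each SSLProtocol line under the given config roots and flags those that still enable TLSv1 or TLSv1.1. The function names, the sample tree and the pre-fix content of the certbot include are constructed for illustration.

```bash
# Added example (not from the original post): flag SSLProtocol lines that still
# leave TLSv1 / TLSv1.1 enabled, wherever they live in the config tree.

# legacy_tls_left "<SSLProtocol arguments>" -> prints legacy protocols still on.
# Simplified model of the directive: a bare name replaces the list, +name adds,
# -name removes, and "all" stands for every protocol.
legacy_tls_left() {
    local proto tok name on out=""
    for proto in TLSv1 TLSv1.1; do
        on=0
        for tok in $1; do
            name=${tok#[+-]}
            if [ "$name" = "$proto" ] || [ "$name" = "all" ]; then
                case $tok in -*) on=0 ;; *) on=1 ;; esac
            else
                case $tok in [+-]*) ;; *) on=0 ;; esac
            fi
        done
        if [ "$on" -eq 1 ]; then out="$out${out:+ }$proto"; fi
    done
    printf '%s' "$out"
}

# audit_sslprotocol ROOT... -> one line per weak directive, returns 1 if any (paths must not contain ':').
audit_sslprotocol() {
    local hits hit file rest left rc=0
    hits=$(grep -rnHE '^[[:space:]]*SSLProtocol[[:space:]]' "$@" 2>/dev/null) || return 0
    while IFS= read -r hit; do
        file=${hit%%:*}; rest=${hit#*:}
        left=$(legacy_tls_left "${rest#*SSLProtocol}")
        if [ -n "$left" ]; then
            printf '%s:%s: still enables %s\n' "$file" "${rest%%:*}" "$left"
            rc=1
        fi
    done <<EOF
$hits
EOF
    return $rc
}

# Constructed sample tree (not real system files): ssl.conf hardened, certbot include still permissive.
make_sample_tree() {
    mkdir -p "$1/apache2/mods-enabled" "$1/letsencrypt"
    echo 'SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1' > "$1/apache2/mods-enabled/ssl.conf"
    echo 'SSLProtocol all -SSLv2 -SSLv3' > "$1/letsencrypt/options-ssl-apache.conf"
}

tmp=$(mktemp -d) && make_sample_tree "$tmp"
audit_sslprotocol "$tmp" || true; rm -rf "$tmp"
```

On a real host, run `audit_sslprotocol /etc/apache2 /etc/letsencrypt`; an empty result with exit status 0 means no listed directive still enables the two old versions.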

Original link: Phanix's Blog

CC BY-NC-ND 2.0
