0

I have a problem with my server configurations, My site works great with http requests, but when I changed it to https using letsencrypt certificate - to enable http2 - the server became really slow. a normal request with http will take from 4 to 7 seconds, but when using https most requests (90%) take up to 45 seconds. I have the latest stable version of apache and I've followed the official docs for installing letsencrypt.

I have been searching for a solution for almost a week, but with no luck, how can this be fixed?

Cooper
  • 11
  • 1
  • 1
  • Is it slow with HTTP1.1 already or only when using HTTP2? And this has nothing to do with Letsencrypt specifically, but would be a general TLS problem... Also, log file entries? – Sven May 02 '16 at 11:57
  • @Sven tried to disable http2 and use HTTP1.1, and now I don't encounter any slowness, thank you. so that means the problem is with http2 right?! but what it is? – Cooper May 02 '16 at 17:12
  • Post a test using something like webpagetest.org, along with corresponding access logs. Ideally test just retrieving a single jpeg file, but an example retrieving a full webpage would be useful too. – Tim May 03 '16 at 23:42
  • Please, provide the Apache configuration (at least the related VirtualHost), and specify if the issue is about loading a page with all its resources, or about loading a single static resource. If there is a PHP processing being the request, please let us know. Do you observe high CPU usage on the server during the waiting time? The timing shown in DevTools' network tab could provide useful information, if the slowness is caused by TLS handshake, sending, receiving, waiting, ... – Dylan Jul 04 '22 at 17:12

2 Answers2

2

1) Implementing SSL/TLS will naturally have extra latency. This is because the secure communication needs to be negotiated first. So HTTP is faster than HTTPS. But this should normally not cause your 4-7 seconds load time to go as high as 45 seconds.

2) This is not a Let's Encrypt issue. They just provide you with the certificate, like any other CAs out there. Their certificates do not take more time than others to load or negotiate.

3) Check if you have optimized your system already to use SSL/TLS. I suggest you just use 2048 bit keys rather than 4096 bit. All 2048 bit keys are considered safe as per industry standards and 4096 bit would only cost you more processing resources and time. But still, even with 4096 bit, that would not cost your load time to go up to 45 seconds.

You can also refer to Mozilla for some updated SSL directives and Ciphers.

Lastly, consider checking your VirtualHost and SSL configurations /etc/apache2/mods-enabled/ssl.conf. The issue is not directly with your certificate.

Tim
  • 31,888
  • 7
  • 52
  • 78
jarvis
  • 2,006
  • 4
  • 18
  • 31
  • Thanks for your answer, the problem appears to be the use of http2 not the ssl, once I disabled h2 the site returned to be fast with https, but h2 should help in improving the speed not make it very slow. I have search for this problem, but all I found was "disable h2" is there any other solution? – Cooper May 05 '16 at 11:40
  • What version of Apache (2.4.20 I guess if on latest stable version?). What version of openssl? Anything in log files? Developer of mod_http2 is very responsive for issues if you raise an issue with sufficient detail here: https://github.com/icing/mod_h2/issues – Barry Pollard May 05 '16 at 13:52
0

You should try activating http2. There are simple steps to do so:

a2dismod php7.0
a2dismod mpm_prefork
a2enmod mpm_event
a2enmod http2
systemctl restart apache2

Then edit (or create a file):

nano /etc/apache2/conf-available/http2.conf

And write the following:

<IfModule http2_module>
Protocols h2 h2c http/1.1
H2Direct on
</IfModule>

Then enable, and restart:

a2enconf http2
systemctl restart apache2

This is the source (in spanish)

borekon
  • 111
  • 3