Fix NGINX Error: could not allocate new session in SSL session shared cache “le_nginx_SSL” while SSL handshaking

A typical web server error with Nginx and Certbot, which I recently discovered in error.log:

[alert] 19765#19765: *151498 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: ip.ip.ip.ip, server: 0.0.0.0:443

It is an error that occurs sporadically, only in certain scenarios and most often on high-traffic websites that serve a large number of requests.

As can be deduced from the name, "le_nginx_SSL" is the cache responsible for the SSL sessions served to clients when the Let's Encrypt SSL certificate, installed on the server with the help of Certbot, is in use.

Why the NGINX error "could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking" occurs

NGINX stores SSL sessions in shared memory in order to serve each request coming from the browser. When the space allocated to the shared SSL cache is full and NGINX fails to free up space for a new session, this error message appears.

This is not a critical NGINX error, nor does it have a huge impact on the user experience. In error.log it is marked as "[alert]".

How to fix the NGINX error "could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking"

When you install Certbot on a web server (CentOS, Ubuntu), several configuration files are created through which the new service responsible for SSL (Let's Encrypt) certificates communicates with NGINX. One of these files is options-ssl-nginx.conf, the configuration file in which we can allocate more space for the shared SSL memory or change the time after which an SSL session expires and is deleted automatically.

sudo nano /etc/letsencrypt/options-ssl-nginx.conf

In options-ssl-nginx.conf we can change the parameters, but be very careful, because the changes here will affect the renewal of SSL certificates.

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

We can change how long a session is stored in the shared memory for "le_nginx_SSL". I allocated 10 MB for the SSL session shared cache, with a timeout period of 1440 minutes (24 hours).

For high traffic sites it is recommended that the shared cache be increased, but a balance between traffic (number of sessions) and the amount of time a session will be stored is required.

In my case, I changed the value to "ssl_session_cache shared:le_nginx_SSL:15m".
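The balance between cache size and session timeout described above can be estimated before editing the file. This is an added example, not part of the original article: it reads the two directives, counts the alerts in a log, and uses the nginx documentation's figure of about 4000 sessions per megabyte. The function names and the sample config and log lines are constructed for illustration.

```python
import math
import re

SESSIONS_PER_MB = 4000  # nginx docs: one megabyte holds about 4000 sessions
SIZE_KB = {"k": 1, "m": 1024}
TIME_SEC = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

# Constructed sample input (not taken from a real server).
SAMPLE_CONF = """\
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
"""
SAMPLE_LOG = """\
2024/01/01 10:00:01 [alert] 19765#19765: *151498 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2024/01/01 10:00:02 [error] 19765#19765: *151499 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.11, server: example.test
2024/01/01 10:00:05 [alert] 19766#19766: *151510 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: 192.0.2.12, server: 0.0.0.0:443
"""

def parse_settings(conf):
    """Return (zone, size_mb, timeout_minutes); commented-out directives are ignored."""
    cache = re.search(r"^\s*ssl_session_cache\s+.*?shared:(\w+):(\d+)([kKmM]);", conf, re.M)
    tmo = re.search(r"^\s*ssl_session_timeout\s+(\d+)([smhd]?);", conf, re.M)
    if not cache or not tmo:
        raise ValueError("ssl_session_cache shared:... or ssl_session_timeout not found")
    size_mb = int(cache.group(2)) * SIZE_KB[cache.group(3).lower()] / 1024
    timeout_min = int(tmo.group(1)) * TIME_SEC[tmo.group(2)] / 60
    return cache.group(1), size_mb, timeout_min

def count_alerts(log, zone):
    """Count 'could not allocate new session' alerts logged for this cache zone."""
    needle = f'could not allocate new session in SSL session shared cache "{zone}"'
    return sum(1 for line in log.splitlines() if "[alert]" in line and needle in line)

def max_new_sessions_per_min(size_mb, timeout_min):
    """Rate of new sessions that fills the cache in exactly one timeout period."""
    return size_mb * SESSIONS_PER_MB / timeout_min

def size_needed_mb(new_sessions_per_min, timeout_min):
    """Cache size in MB (rounded up) that keeps every session until it expires."""
    return math.ceil(new_sessions_per_min * timeout_min / SESSIONS_PER_MB)

if __name__ == "__main__":
    zone, size_mb, timeout_min = parse_settings(SAMPLE_CONF)
    print(f"{zone}: {count_alerts(SAMPLE_LOG, zone)} alerts in sample log")
    print(f"holds ~{max_new_sessions_per_min(size_mb, timeout_min):.1f} new sessions/min for {timeout_min:.0f} min")
    print(f"40 new sessions/min would need {size_needed_mb(40, timeout_min)} MB")
```

The figures are estimates: the actual size of a stored session varies, so treat the result as a starting point and keep watching error.log after the change.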

Passionate about technology, I like to test and write tutorials about operating systems macOS, Linux, Windows, about WordPress, WooCommerce and LEMP web server configuration (Linux, NGINX, MySQL and PHP). I write on StealthSettings.com since 2006, and a few years later I started writing on iHowTo.Tips tutorials and news about devices in the ecosystem Apple: iPhone, iPad, Apple Watch, HomePod, iMac, MacBook, AirPods and accessories.
