Fix NGINX Error: could not allocate new session in SSL session shared cache “le_nginx_SSL” while SSL handshaking

A typical error on web servers running NGINX and Certbot, which I recently discovered in error.log:

[alert] 19765#19765: *151498 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: ip.ip.ip.ip, server: 0.0.0.0:443

It is an error that appears sporadically, only in certain scenarios, and most of the time on websites with high traffic, that is, a large number of requests.

“le_nginx_SSL”, as you can deduce from the name, is the shared cache for the SSL sessions used when serving requests, during which the Let's Encrypt SSL certificate, installed on the server with the help of Certbot, is checked.

Why does the NGINX error “could not allocate new session in SSL session shared cache “le_nginx_SSL” while SSL handshaking” appear?

NGINX keeps SSL sessions in a shared memory zone so that they can be reused when serving requests from browsers. When the space allocated to the shared SSL memory is full and NGINX fails to free space for a new session, this error message appears.

This is not a critical NGINX error, nor does it have a great impact on the user experience. In fact, in “error.log” it is logged as “[alert]”.

How to solve the NGINX error “could not allocate new session in SSL session shared cache “le_nginx_SSL” while SSL handshaking”

When we install Certbot on a web server (CentOS, Ubuntu), several configuration files are created through which the new service responsible for the SSL certificates (Let's Encrypt) communicates with NGINX. One of these files is options-ssl-nginx.conf, a configuration file in which we can allocate more space to the SSL shared memory or change the time after which an SSL session expires and is automatically deleted.

sudo nano /etc/letsencrypt/options-ssl-nginx.conf

In options-ssl-nginx.conf we can change several parameters, but with great care, because changes made here will affect the renewal of SSL certificates.

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

We can change how long a session is stored in the shared memory for “le_nginx_SSL”. I allocated 10 MB for the shared SSL session cache, with a period of 1440 minutes (24 hours).

For high-traffic sites it is recommended to increase the shared cache, but a balance is needed between traffic (the number of sessions) and the length of time a session is stored.

In my case, changing the value to “ssl_session_cache shared:le_nginx_SSL:15m” worked.
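To put numbers on that balance between cache size and session lifetime, here is an added example (not part of the original post) that reads the two directives and estimates how many sessions the zone holds and what size a given load would need. It assumes the figure from the nginx documentation of about 4000 sessions per megabyte; the function names and the load of 2 new sessions per second are hypothetical.

```python
import math
import re

SESSIONS_PER_MB = 4000  # approximate figure from the nginx ssl_session_cache documentation
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}  # subset of nginx time suffixes
SIZE_UNITS = {"": 1, "k": 1024, "m": 1024 * 1024}

# Constructed sample: the two directives as they appear in options-ssl-nginx.conf above.
SAMPLE_CONF = """
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
"""

def parse_conf(text):
    """Return (zone name, cache size in bytes, session timeout in seconds)."""
    cache = re.search(r"^\s*ssl_session_cache\s+shared:(\w+):(\d+)([kKmM]?)\s*;", text, re.M)
    timeout = re.search(r"^\s*ssl_session_timeout\s+(\d+)([smhd]?)\s*;", text, re.M)
    if not cache or not timeout:
        raise ValueError("ssl_session_cache shared:... and ssl_session_timeout are both required")
    size = int(cache.group(2)) * SIZE_UNITS[cache.group(3).lower()]
    seconds = int(timeout.group(1)) * TIME_UNITS[timeout.group(2)]
    return cache.group(1), size, seconds

def capacity(size_bytes):
    """Approximate number of sessions the shared zone can hold."""
    return size_bytes * SESSIONS_PER_MB // (1024 * 1024)

def sustainable_rate(size_bytes, timeout_s):
    """New sessions per second the zone absorbs before unexpired entries fill it."""
    return capacity(size_bytes) / timeout_s

def required_mb(new_sessions_per_s, timeout_s):
    """Whole megabytes needed to hold every session created within one timeout window."""
    return math.ceil(new_sessions_per_s * timeout_s / SESSIONS_PER_MB)

if __name__ == "__main__":
    zone, size, timeout = parse_conf(SAMPLE_CONF)
    print(f"{zone}: ~{capacity(size)} sessions, full above "
          f"{sustainable_rate(size, timeout):.2f} new sessions/s at {timeout}s timeout")
    # Assumed load of 2 new TLS sessions per second (hypothetical figure).
    for t in (86400, 14400, 3600):
        print(f"timeout {t:>5}s -> {required_mb(2, t)}m")
```

With the values above, the 10m zone holds roughly 40000 sessions, so at a 24-hour timeout it fills once the server sustains more than about one new session every two seconds; shortening ssl_session_timeout lowers the required size as much as raising the zone does.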

Passionate about technology, I have been writing with pleasure on stealthsetts.com since 2006. I have rich experience in operating systems (macOS, Windows and Linux), but also in programming languages and blogging platforms (WordPress) and platforms for online stores (WooCommerce, Magento, PrestaShop).
