Channel: New SSL, Safari can't open the page b/c server unexpectedly dropped the connection (subdomain) - Server Fault

New SSL, Safari can't open the page b/c server unexpectedly dropped the connection (subdomain)


After much googling and Server Fault browsing, I still have an SSL problem:

Safari can't open the page at all, Firefox gives a "secure connection fail" after 5 min of inactivity (not browsing or anything). Chrome/Chromium return a 403 error, then quickly reload the page and everything works.

It happened after installing an SSL certificate by Comodo. You can see the report here: https://www.ssllabs.com/ssltest/analyze.html?d=marketplace.mercicapitaine.fr&hideResults=on

SSL Shopper is all good: https://www.sslshopper.com/ssl-checker.html#hostname=marketplace.mercicapitaine.fr

TLS is 1.2. SSL Labs says: "The server does not support Forward Secrecy with the reference browsers." and "This server supports weak Diffie-Hellman (DH) key exchange parameters."

I did a tcpdump, but I'm having a hard time understanding it.

I'm not a server guy, so any tips on how to debug/trace the error are welcome. It's hosted on NGINX, nothing special in the error log.

Thanks a lot in advance for your time :)

Edit: nginx config:

    server {
        listen *:80;
        listen *:443 ssl;
        ssl_certificate /home/ubuntu/ssl_2016/ssl-bundle.crt;
        ssl_certificate_key /home/ubuntu/ssl_2016/mckey.key;
        server_name marketplace.mercicapitaine.fr;

        access_log /var/log/nginx/marketplacemercicapitainefr.access.log;
        error_log /var/log/nginx/marketplacemercicapitainefr.error.log;

        root /srv/marketapp/;
        index index.html index.htm index.php;

        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 16k;
        fastcgi_read_timeout 900;
        client_max_body_size 50M;

        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }

        # This order might seem weird - this is attempted to match last if rules below fail.
        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        # Add trailing slash to */wp-admin requests.
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

        # Directives to send expires headers and turn off 404 error logging.
        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
            access_log off;
            log_not_found off;
            expires max;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|wml|swf|pdf|doc|docx|ppt|pptx|zip)$ {
            expires max;
            log_not_found off;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }

        location ~* \.()$ {
            expires 31536000s;
        }

        location ~ [^/]\.php(/|$) {
            fastcgi_index index.php;
            include fcgi.conf;
            fastcgi_pass unix:/var/run/ajenti-v-php-fcgi-marketplacemercicapitainefr-php-fcgi-0.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
    }
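
An added example, not part of the original question: a small Python audit that lists which TLS directives a server block leaves at nginx defaults. These are the settings that govern the forward secrecy and DH parameter remarks quoted from SSL Labs. The function names and the `POSTED` sample (a constructed excerpt of the TLS-relevant lines above) are assumptions of this example.

```python
import re

# Directives that decide protocol and key exchange; value = effect when absent.
TLS_DIRECTIVES = {
    "ssl_protocols": "protocol versions come from the nginx default",
    "ssl_ciphers": "cipher suites come from the nginx default string",
    "ssl_prefer_server_ciphers": "defaults to off, so the client's cipher order wins",
    "ssl_dhparam": "DHE uses built-in parameters or is disabled, depending on nginx version",
    "ssl_ecdh_curve": "ECDHE curve comes from the default",
}
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(conf):
    """Map directive name -> list of argument lists (simple `name args;` form)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    found = {}
    for stmt in re.split(r"[;{}]", conf):
        parts = stmt.split()
        if parts:
            found.setdefault(parts[0], []).append(parts[1:])
    return found

def audit(conf):
    """Return (directive, finding) pairs for a server block that terminates TLS."""
    found = directives(conf)
    if not any("ssl" in args for args in found.get("listen", [])):
        return []  # no TLS listener, nothing to check
    out = [(n, "not set: " + why) for n, why in TLS_DIRECTIVES.items() if n not in found]
    for args in found.get("ssl_protocols", []):
        for proto in sorted(LEGACY.intersection(args)):
            out.append(("ssl_protocols", "legacy protocol enabled: " + proto))
    return out

# Constructed sample: the TLS-relevant lines of the server block posted above.
POSTED = """
server {
    listen *:80;
    listen *:443 ssl;
    ssl_certificate /home/ubuntu/ssl_2016/ssl-bundle.crt;
    ssl_certificate_key /home/ubuntu/ssl_2016/mckey.key;
    server_name marketplace.mercicapitaine.fr;
}
"""

if __name__ == "__main__":
    for name, finding in audit(POSTED):
        print(f"{name}: {finding}")
```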
