by notanote 1588 days ago
I can confirm this issue. It’s related to Fedora’s crypto-policies which are more restrictive than Firefox. In this case it seems to be caused by the SHA1 DigiCert root in your cert chain, not by your nginx settings.

Edit to add: It’s possible to run update-crypto-policies --set=DEFAULT:SHA1 and avoid enabling the whole LEGACY policy

Ah... OK, well, I'm not going to mess with that in the near future (sorry) :(. If it makes you feel any better (or worse!! ;P) my personal website didn't support SSL at all until this past week. I might reconsider the certificate chain I use in another month or so when I have to update my certificates anyway.