Mfcttrf

Why aren't rainbows blurred-out into nothing after they are produced?

Does fossil fuels use since 1990 account for half of all the fossil fuels used in history?

If a person claims to know anything could it be disproven by saying 'prove that we are not in a simulation'?

How can I communicate my issues with a potential date's pushy behavior?

Should I leave building the database for the end?

Are there examples in Tanach of 3 or more parties having an ongoing conversation?

How would you translate this? バタコチーズライス

"Mouth-breathing" as slang for stupidity

What is a "soap"?

How can I find files in directories listed in a file?

(A room / an office) where an artist works

Is this n-speak?

How do some PhD students get 10+ papers? Is that what I need for landing good faculty position?

Global BGP Routing only by only importing supernet prefixes

When was "Fredo" an insult to Italian-Americans?

Word for an event that will likely never happen again

What are the odds of rolling specific ability score totals in D&D?

Installing Windows to flash UEFI/ BIOS, then reinstalling Ubuntu

Why is there a large performance impact when looping over an array with 240 or more elements?

How can I shoot a bow using strength instead of dexterity?

Weird resistor with dots around it

Causal Diagrams using Wolfram?

How was the murder committed?

A+ rating still unsecure by chrome's opinion

A+ rating still unsecure by chrome's opinion

What determines the combination of ciphers available on an SSL server?Discrepancy in SSL Ciphers between Apache 2.2 and OpenSSL 1.0.1How to mitigate POODLE but keep SSLv3 support for old clientsnginx poodle fix configurationThe site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it - even with SHA2New SSL, Safari can't open the page b/c server unexpectedly dropped the connection (subdomain)Unable to disable SSLv3 in Apache for POODLEApache SSL FS disable SHA1nginx fails to send HSTS headers despite being configured to do so

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs

https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz

but when i connect to my size https://www.zandu.biz or https://zandu.biz

i get a unsecure notice inside chrome.

Any advice on how to solve this?

ssl apache-2.4 lets-encrypt

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

1

I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs

https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz

but when i connect to my size https://www.zandu.biz or https://zandu.biz

i get a unsecure notice inside chrome.

Any advice on how to solve this?

ssl apache-2.4 lets-encrypt

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs

https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz

but when i connect to my size https://www.zandu.biz or https://zandu.biz

i get a unsecure notice inside chrome.

Any advice on how to solve this?

ssl apache-2.4 lets-encrypt

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

1 Answer
1

active

oldest

votes

6

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  or Vetter a wildcard cert i. e. from Letsencrypt
  
  – djdomi
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.
  
  – zrm
  5 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?
  
  – The Architect
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.
  
  – zrm
  3 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

The Architect is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f979297%2fa-rating-still-unsecure-by-chromes-opinion%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

6

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  or Vetter a wildcard cert i. e. from Letsencrypt
  
  – djdomi
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.
  
  – zrm
  5 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?
  
  – The Architect
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.
  
  – zrm
  3 hours ago
  

  
  
  
  

add a comment | 

6

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  or Vetter a wildcard cert i. e. from Letsencrypt
  
  – djdomi
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.
  
  – zrm
  5 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?
  
  – The Architect
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.
  
  – zrm
  3 hours ago
  

  
  
  
  

add a comment | 

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 8 hours ago

zrmzrm

10133 bronze badges