A+ rating still unsecure by chrome's opinionWhat determines the combination of ciphers available on an SSL server?Discrepancy in SSL Ciphers between Apache 2.2 and OpenSSL 1.0.1How to mitigate POODLE but keep SSLv3 support for old clientsnginx poodle fix configurationThe site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it - even with SHA2New SSL, Safari can't open the page b/c server unexpectedly dropped the connection (subdomain)Unable to disable SSLv3 in Apache for POODLEApache SSL FS disable SHA1nginx fails to send HSTS headers despite being configured to do so

Why aren't rainbows blurred-out into nothing after they are produced?

Does fossil fuels use since 1990 account for half of all the fossil fuels used in history?

If a person claims to know anything could it be disproven by saying 'prove that we are not in a simulation'?

How can I communicate my issues with a potential date's pushy behavior?

Should I leave building the database for the end?

Are there examples in Tanach of 3 or more parties having an ongoing conversation?

How would you translate this? バタコチーズライス

"Mouth-breathing" as slang for stupidity

What is a "soap"?

How can I find files in directories listed in a file?

(A room / an office) where an artist works

Is this n-speak?

How do some PhD students get 10+ papers? Is that what I need for landing good faculty position?

Global BGP Routing only by only importing supernet prefixes

When was "Fredo" an insult to Italian-Americans?

Word for an event that will likely never happen again

What are the odds of rolling specific ability score totals in D&D?

Installing Windows to flash UEFI/ BIOS, then reinstalling Ubuntu

Why is there a large performance impact when looping over an array with 240 or more elements?

How can I shoot a bow using strength instead of dexterity?

Weird resistor with dots around it

Causal Diagrams using Wolfram?

How was the murder committed?

A+ rating still unsecure by chrome's opinion



A+ rating still unsecure by chrome's opinion


What determines the combination of ciphers available on an SSL server?Discrepancy in SSL Ciphers between Apache 2.2 and OpenSSL 1.0.1How to mitigate POODLE but keep SSLv3 support for old clientsnginx poodle fix configurationThe site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it - even with SHA2New SSL, Safari can't open the page b/c server unexpectedly dropped the connection (subdomain)Unable to disable SSLv3 in Apache for POODLEApache SSL FS disable SHA1nginx fails to send HSTS headers despite being configured to do so






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1















I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs



https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz



but when i connect to my size https://www.zandu.biz or https://zandu.biz



i get a unsecure notice inside chrome.



Any advice on how to solve this?










share|improve this question







New contributor



The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



























    1















    I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs



    https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz



    but when i connect to my size https://www.zandu.biz or https://zandu.biz



    i get a unsecure notice inside chrome.



    Any advice on how to solve this?










    share|improve this question







    New contributor



    The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      1












      1








      1








      I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs



      https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz



      but when i connect to my size https://www.zandu.biz or https://zandu.biz



      i get a unsecure notice inside chrome.



      Any advice on how to solve this?










      share|improve this question







      New contributor



      The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs



      https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz



      but when i connect to my size https://www.zandu.biz or https://zandu.biz



      i get a unsecure notice inside chrome.



      Any advice on how to solve this?







      ssl apache-2.4 lets-encrypt






      share|improve this question







      New contributor



      The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.










      share|improve this question







      New contributor



      The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      share|improve this question




      share|improve this question






      New contributor



      The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      asked 9 hours ago









      The ArchitectThe Architect

      83 bronze badges




      83 bronze badges




      New contributor



      The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




      New contributor




      The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.

























          1 Answer
          1






          active

          oldest

          votes


















          6















          This server could not prove that it is www.zandu.biz; its security
          certificate is from zandu.biz. This may be caused by a
          misconfiguration or an attacker intercepting your connection.




          The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.



          What you need is to get a certificate with both names.






          share|improve this answer








          New contributor



          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





















          • or Vetter a wildcard cert i. e. from Letsencrypt

            – djdomi
            8 hours ago











          • Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.

            – zrm
            5 hours ago











          • Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?

            – The Architect
            4 hours ago











          • Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.

            – zrm
            3 hours ago













          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "2"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );






          The Architect is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f979297%2fa-rating-still-unsecure-by-chromes-opinion%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          6















          This server could not prove that it is www.zandu.biz; its security
          certificate is from zandu.biz. This may be caused by a
          misconfiguration or an attacker intercepting your connection.




          The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.



          What you need is to get a certificate with both names.






          share|improve this answer








          New contributor



          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





















          • or Vetter a wildcard cert i. e. from Letsencrypt

            – djdomi
            8 hours ago











          • Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.

            – zrm
            5 hours ago











          • Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?

            – The Architect
            4 hours ago











          • Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.

            – zrm
            3 hours ago















          6















          This server could not prove that it is www.zandu.biz; its security
          certificate is from zandu.biz. This may be caused by a
          misconfiguration or an attacker intercepting your connection.




          The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.



          What you need is to get a certificate with both names.






          share|improve this answer








          New contributor



          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





















          • or Vetter a wildcard cert i. e. from Letsencrypt

            – djdomi
            8 hours ago











          • Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.

            – zrm
            5 hours ago











          • Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?

            – The Architect
            4 hours ago











          • Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.

            – zrm
            3 hours ago













          6












          6








          6








          This server could not prove that it is www.zandu.biz; its security
          certificate is from zandu.biz. This may be caused by a
          misconfiguration or an attacker intercepting your connection.




          The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.



          What you need is to get a certificate with both names.






          share|improve this answer








          New contributor



          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.










          This server could not prove that it is www.zandu.biz; its security
          certificate is from zandu.biz. This may be caused by a
          misconfiguration or an attacker intercepting your connection.




          The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.



          What you need is to get a certificate with both names.







          share|improve this answer








          New contributor



          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.








          share|improve this answer



          share|improve this answer






          New contributor



          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.








          answered 8 hours ago









          zrmzrm

          1013 bronze badges




          1013 bronze badges




          New contributor



          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.




          New contributor




          zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.

















          • or Vetter a wildcard cert i. e. from Letsencrypt

            – djdomi
            8 hours ago











          • Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.

            – zrm
            5 hours ago











          • Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?

            – The Architect
            4 hours ago











          • Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.

            – zrm
            3 hours ago

















          • or Vetter a wildcard cert i. e. from Letsencrypt

            – djdomi
            8 hours ago











          • Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.

            – zrm
            5 hours ago











          • Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?

            – The Architect
            4 hours ago











          • Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.

            – zrm
            3 hours ago
















          or Vetter a wildcard cert i. e. from Letsencrypt

          – djdomi
          8 hours ago





          or Vetter a wildcard cert i. e. from Letsencrypt

          – djdomi
          8 hours ago













          Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.

          – zrm
          5 hours ago





          Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.

          – zrm
          5 hours ago













          Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?

          – The Architect
          4 hours ago





          Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?

          – The Architect
          4 hours ago













          Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.

          – zrm
          3 hours ago





          Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.

          – zrm
          3 hours ago










          The Architect is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          The Architect is a new contributor. Be nice, and check out our Code of Conduct.












          The Architect is a new contributor. Be nice, and check out our Code of Conduct.











          The Architect is a new contributor. Be nice, and check out our Code of Conduct.














          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f979297%2fa-rating-still-unsecure-by-chromes-opinion%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

          Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

          199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單