Xjyuk

Cycle of actions and voice signals on a multipitch climb

Co-workers with a lot of money and openly talk about it

When did Bilbo and Frodo learn that Gandalf was a Maia?

Word for an event that will likely never happen again

Should I leave building the database for the end?

Link for download latest Edubuntu

How would you translate this? バタコチーズライス

Global BGP Routing only by only importing supernet prefixes

How can I find an old paper when the usual methods fail?

"Mouth-breathing" as slang for stupidity

Is this n-speak?

What unique challenges/limitations will I face if I start a career as a pilot at 45 years old?

What is the most difficult concept to grasp in Calculus 1?

Telephone number in spoken words

Are there examples in Tanach of 3 or more parties having an ongoing conversation?

A+ rating still unsecure by chrome's opinion

Why is the result of ('b'+'a'+ + 'a' + 'a').toLowerCase() 'banana'?

Does an Irish VISA WARNING count as "refused entry at the border of any country other than the UK?"

Did Pope Urban II issue the papal bull "terra nullius" in 1095?

(A room / an office) where an artist works

What is the farthest a camera can see?

What kind of liquid can be seen 'leaking' from the upper surface of the wing of a Boeing 737-800?

Finding the shaded region

How to gracefully leave a company you helped start?

A+ rating still unsecure by chrome's opinion

What determines the combination of ciphers available on an SSL server?Discrepancy in SSL Ciphers between Apache 2.2 and OpenSSL 1.0.1How to mitigate POODLE but keep SSLv3 support for old clientsnginx poodle fix configurationThe site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it - even with SHA2New SSL, Safari can't open the page b/c server unexpectedly dropped the connection (subdomain)Unable to disable SSLv3 in Apache for POODLEApache SSL FS disable SHA1nginx fails to send HSTS headers despite being configured to do so

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs

https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz

but when i connect to my size https://www.zandu.biz or https://zandu.biz

i get a unsecure notice inside chrome.

Any advice on how to solve this?

ssl apache-2.4 lets-encrypt

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

1

I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs

https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz

but when i connect to my size https://www.zandu.biz or https://zandu.biz

i get a unsecure notice inside chrome.

Any advice on how to solve this?

ssl apache-2.4 lets-encrypt

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

I am provisioning my server on Digital Ocean and although i am getting an A+ rating from ssllabs

https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz

but when i connect to my size https://www.zandu.biz or https://zandu.biz

i get a unsecure notice inside chrome.

Any advice on how to solve this?

ssl apache-2.4 lets-encrypt

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

New contributor

The Architect is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 9 hours ago

The ArchitectThe Architect

833 bronze badges

1 Answer
1

active

oldest

votes

6

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  or Vetter a wildcard cert i. e. from Letsencrypt
  
  – djdomi
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.
  
  – zrm
  5 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?
  
  – The Architect
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.
  
  – zrm
  3 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

The Architect is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f979297%2fa-rating-still-unsecure-by-chromes-opinion%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

6

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  or Vetter a wildcard cert i. e. from Letsencrypt
  
  – djdomi
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.
  
  – zrm
  5 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?
  
  – The Architect
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.
  
  – zrm
  3 hours ago
  

  
  
  
  

add a comment | 

6

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  or Vetter a wildcard cert i. e. from Letsencrypt
  
  – djdomi
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Wildcard certificates can be more convenient or necessary if the names you intend to use aren't actually known ahead of time. But they also increase your exposure if the associated private key is compromised because then the attacker can forge any name in your domain rather than only the ones that server was actually using.
  
  – zrm
  5 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you @zrm. This was very helpful. I went from unsecure to not secure for some reason. It's a set in the right direction. Does this have to do with the fact that its not signed from a CA, just let's encrypt?
  
  – The Architect
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Let's Encrypt is a CA. When they first started out they were cross-signed by IdenTrust but that ends in 2020 because their own root certificate is now widely trusted. None of that has anything to do with your problem, which would have been the same either way.
  
  – zrm
  3 hours ago
  

  
  
  
  

add a comment | 

This server could not prove that it is www.zandu.biz; its security
certificate is from zandu.biz. This may be caused by a
misconfiguration or an attacker intercepting your connection.

The common name in your site's certificate is zandu.biz, which is not valid for a different name (www.zandu.biz). Moreover, you have a redirect from zandu.biz to www.zandu.biz, so if you use the name the certificate is valid for it redirects to the name that it isn't.

What you need is to get a certificate with both names.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 8 hours ago

zrmzrm

10133 bronze badges

New contributor

zrm is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 8 hours ago

zrmzrm

10133 bronze badges