KryptonRazer
-
Posts
1 -
Joined
-
Last visited
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use
3 - Webserver certificate mismatch skylords.eu
in Resolved
Posted · Edited by KryptonRazer
// edit: added template for bug reports
NAME: Webserver certificate mismatch skylords.eu
SEVERITY: 3
LOCATION: Website
REPRODUCIBILITY: ALWAYS
DESCRIPTION: Server key certificates common names does not match for forum and top level website.
Hey guys,
I just noticed you have a mismatch of the common name for your server key certificate. Meaning your let's encrypt certificate uses "allcards.skylords.eu" as common name so it is not valid for the following (sub-)domains: cardbase.skylords.eu dev.skylords.eu forum.skylords.eu www.skylords.eu
This leads to the "server not trusted" warning on some browsers.
Also your server allows unsafe DH key exchange, as you are using nginx you might want to change your cipher phrase to something like:
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
With Best Regards
KryptonRazer