KryptonRazer
Posted July 27, 2019

// edit: added template for bug reports

NAME: Webserver certificate mismatch skylords.eu
SEVERITY: 3
LOCATION: Website
REPRODUCIBILITY: ALWAYS
DESCRIPTION: Server key certificate common names do not match for forum and top level website.

Hey guys,

I just noticed you have a mismatch of the common name for your server key certificate. Meaning your Let's Encrypt certificate uses "allcards.skylords.eu" as common name, so it is not valid for the following (sub-)domains:

cardbase.skylords.eu
dev.skylords.eu
forum.skylords.eu
www.skylords.eu

This leads to the "server not trusted" warning on some browsers.

Also, your server allows unsafe DH key exchange. As you are using nginx, you might want to change your cipher phrase to something like:

ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

With Best Regards
KryptonRazer

Edited July 27, 2019 by KryptonRazer
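
The name mismatch reported above can be checked mechanically. The following is an added example, not part of the original post or the project's code: it applies RFC 6125-style name matching to a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The certificate contents are constructed from the names quoted in the report (the SAN entry is an assumption), and the function names are hypothetical.

```python
# Added example: which hostnames does a certificate actually cover?
# CONSTRUCTED_CERT mimics the dict shape of ssl.SSLSocket.getpeercert(); its
# contents are an assumption built from the names quoted in the report.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "allcards.skylords.eu"),),),
    "subjectAltName": (("DNS", "allcards.skylords.eu"),),
}

HOSTS = ["allcards.skylords.eu", "cardbase.skylords.eu", "dev.skylords.eu",
         "forum.skylords.eu", "www.skylords.eu"]


def cert_dns_names(cert):
    """Return the DNS names the cert asserts: SAN entries, else the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 6125: the CN is only a fallback when no DNS SAN exists
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, host):
    """Match one cert name against a host; '*' only as the whole left label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # reject '*.eu'-style patterns
    return p == h


def uncovered_hosts(cert, hosts):
    """Hosts that would trigger a name-mismatch warning with this cert."""
    names = cert_dns_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]


if __name__ == "__main__":
    for host in uncovered_hosts(CONSTRUCTED_CERT, HOSTS):
        print("not covered:", host)
```

To run it against a live server, pass the dict from `getpeercert()` on a socket whose context has `check_hostname = False` but still verifies the chain, so the handshake completes and the names can be inspected.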