How to get 'A' rated cert!?


My domain is: (this is hosted with Godaddy).
However, I tried to create LetsEncrypt certificate for a Linux server (Amazon Linux2 with Apache httpd). The domain name of the server “” and alias is “” note these are FQDN but are just domain and alias of a Linux server!
(At that time DNS entries for these existed in records with Godaddy, I have removed it now)

I ran this command: Do not recollect the command, but both the certificates were produced successfully. I was guided to test the certificates at, which I did.

It produced this output: received a ‘T’ rating & received a ‘A’ rating !!

My web server is (include version): Apache/2.4.34

The operating system my web server runs on is (include version): Amazon Linux 2

My hosting provider, if applicable, is:

I can log in to a root shell on my machine (yes or no, or I don’t know): Yes, I have access to root.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Not applicable

How can I get an ‘A’ certificate for the domain name assigned to the server?


We’d need more information to be sure what went wrong.

You have a Let’s Encrypt certificate for both names, so it should have worked without issue.

It’s likely that one of the web server’s virtual hosts was configured to use a different certificate, maybe a default self-signed one.

Can you reenable the server, or post the Apache configuration?

Hi @samraw003 has a timeout, no connection. This is your T - rating.

So start your https - server.

I think T in the Qualys context means “not trusted”, such as when the certificate name does not match or when there is no path to a trust anchor.

You are right that it’s currently timing out though!

1 Like

Hi JuergenAuer,

Thanks for kind support.

When I checked the rating on the given url at that time everything was working. As of today I have removed the certificates and reverted to an old snapshot.

Would it help if I re-enable the earlier setup?

Though I do not know how to do that as I have not kept the license files.


Hi mnordhoff,

Thanks for your kind help.

I have reverted to an older snapshot of the server and have not kept the certificates. Is there any way to re-enable it on the new instance? Or I need to generate new certificates?

Thanks and regards


It's impossible to find a solution if you remove your https - settings.

You have two certificates created 2018-09-28;include_subdomains:true;

with the correct two domain names


the www-version is correct, but the non-www version wrong, that looks like a small configuration error (missing as alias of the www-version to use the same vHost and the same correct certificate).

Hi @JuergenAuer

Thanks again.

So, with the certificates now lost what should I do?


Then install it again.


How to get ‘A’ rated cert!

This question is wrong. A certificate has no A-rate. A running https - service can have an A-rate (defined via SSLLabs).

When you say install it again- it means I need to again set it up and apply for a new certificate?

Your point on ‘A’ rated certificate vs a service is noted! :)! I was totally unaware of it, that’s why I removed it in a hurry.

Thanks a ton for your guidance and support!


If you've deleted the cert, then yes, you need to create a new one.

Hi @danb35

Thanks a lot!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.