Issues with certificate on Scorecard

Hi to everyone. After a check operation on the site with Security Scorecard, I found these issues related to the certificate:

Certificate is self-signed
Certificate lifetime is longer than best practices
Certificate doesn't have revocation control.

The fact is that I purchased this certificate recently and I don't understand how it's possible that a new certificate can have these kinds of issues.
Thanks in advance !

Hello @wanciu,
Please share your domain and the other info requested.
We can help you resolve your issue.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @wanciu

If you have purchased a certificate, it's not a Let's Encrypt certificate.

So this isn't a problem for this forum.

Ask the company you purchased the certificate from.

1 Like

How do we know the cert isn't from LE? Some folks get charged by technicians for installing LE certs. :frowning_face:

1 Like

I'd assume you'd pay for the service then and not for the certificate. But it might be just a poor choice of words I guess.

Also @Rip, you mention the hostname rockymountainhosting.ca in your questionnaire. Crystal globe, or forgot to remove it from a copy/paste? :wink:

2 Likes

Rite-oh! I'll fix my blank.
And on the current thread, I'm just trying to be fair and give the benefit of the doubt. What would bring someone here and not to another CA?

1 Like

Offtopic: We've seen it before. Sometimes people see this Community as a general certificate/CA/TLS help forum..

2 Likes

I blame the search engines that brought them here [incorrectly].

@wanciu, it's very likely that your new certificate was issued but not installed on your server. The certificate is a file which needs to be obtained from the certificate authority and then installed appropriately onto the web server, including by making changes to the web server configuration. Otherwise, it just exists but doesn't accomplish anything.

Since your "Certificate is self signed", the one being served by your server is probably not the same one that you purchased.

As other people have pointed out, you might be on the wrong forum because this is the forum for the Let's Encrypt CA, a particular not-for-profit CA which does not charge anyone for its certificates. So if you paid for your certificate, you probably got it from someone else—and it would be more appropriate to ask for support on the forum for that CA instead of Let's Encrypt.

Good luck!

2 Likes
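The three findings reported in this thread can be checked directly against the certificate a server actually serves. The script below is an added example, not part of any post in this thread; it assumes the OpenSSL CLI and GNU `date`, its function names are hypothetical, and the 398-day limit is the CA/Browser Forum maximum for publicly trusted certificates, not a threshold stated by Security Scorecard.

```bash
#!/bin/sh
# Added example: audit a PEM certificate for the three findings in this thread.
# To save the leaf certificate a server really serves (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null \
#     | openssl x509 -out served.pem

MAX_DAYS=398  # assumption: CA/Browser Forum limit, not Scorecard's own value

# True when issuer name equals subject name, which is how a self-signed
# certificate presents (name comparison only, no signature check).
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Validity period in whole days (notAfter - notBefore). Needs GNU date.
lifetime_days() {
  nb=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
  na=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  echo $(( ( $(date -u -d "$na" +%s) - $(date -u -d "$nb" +%s) ) / 86400 ))
}

# True when the certificate carries an OCSP URL or a CRL distribution point.
has_revocation_info() {
  [ -n "$(openssl x509 -in "$1" -noout -ocsp_uri)" ] ||
    openssl x509 -in "$1" -noout -text | grep -q 'CRL Distribution Points'
}

# Prints the findings that apply, or "ok" when none do.
audit_cert() {
  findings=""
  if is_self_issued "$1"; then findings="${findings}self-signed;"; fi
  if [ "$(lifetime_days "$1")" -gt "$MAX_DAYS" ]; then
    findings="${findings}lifetime-too-long;"
  fi
  if ! has_revocation_info "$1"; then findings="${findings}no-revocation-info;"; fi
  echo "${findings:-ok}"
}

# Constructed sample: a self-signed certificate like a server default.
# $1 = output path, $2 = validity in days.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=placeholder.example" -keyout "$1.key" -out "$1" 2>/dev/null
}

if [ -n "${1:-}" ]; then audit_cert "$1"; fi
```

Run it as `sh audit.sh served.pem`; a certificate issued by a public CA and installed correctly should print `ok`.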
