Newbie problem with expanding the certificate


#41

Happy to read that. You have rechecked your domain, now I see a Grade E.

Both connections are secure, no loop, no http status 500. The certificate has both domain names and is valid for 87 days.


Later you may change the details: Correct redirect (Grade A, not E) and only one http status 200 as result (one preferred version).


#42

Ah, got it to grade C. But this eludes me:

C Error - more then one version with Http-Status 200

Any suggestions?


#43

You don’t have a preferred version:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://psykolog.nu/ 178.79.154.124 | 301 | https://psykolog.nu/ | 0.044 | A |
| http://www.psykolog.nu/ 178.79.154.124 | 301 | https://www.psykolog.nu/ | 0.043 | A |
| https://psykolog.nu/ 178.79.154.124 | 200 | | 5.250 | A |
| https://www.psykolog.nu/ 178.79.154.124 | 200 | | 5.257 | A |

So some users read the https + non-www version, others the https + www version. Users may add links to both versions and search engines may spider both, so you have duplicated content.

So choose one version as the preferred version.

And add a redirect https + not-preferred-version -> https + preferred-version.

4 urls, three redirects, at the end, every user has the same site.

Compare it with other sites that have a www and a non-www dns entry and grade A or B.


#44

First: very grateful for all the help!

Now, I understand what I have to do but not how I should go on with this. I have the following nginx config:

```
#redirect all www to non-www

server {
        server_name www.psykolog.nu;
        ssl_certificate /location ;
        ssl_certificate_key /location;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        listen *:80;
        listen *:443 ssl;
        listen [::]:80 ipv6only=on;
        listen [::]:443 ssl ipv6only=on;

        return 301 https://psykolog.nu$request_uri;
}

# Redirect all non-encrypted to encrypted
server {
        server_name psykolog.nu;
        listen *:80;
        listen [::]:80;
        return 301 https://psykolog.nu$request_uri;
}

#main

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name psykolog.nu;

        ssl_certificate /location;
        ssl_certificate_key /location;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        root /location;
        index index.html index.htm index.nginx-debian.html;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

}
```

Why do I still get:
“C Error - more then one version with Http-Status 200”?


#45

Site: https://www.psykolog.nu/
fails to redirect.

Change:

```
#redirect all www to non-www
server {
        server_name www.psykolog.nu;
        ssl_certificate /location ;
        ssl_certificate_key /location;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        listen *:80;
        listen *:443 ssl;
        listen [::]:80 ipv6only=on;
        listen [::]:443 ssl ipv6only=on;
        return 301 https://psykolog.nu$request_uri;
}
```

into two separate blocks:
[and adjust the redirection to be more as expected]

```
#redirect all www to non-www 80
server {
        server_name www.psykolog.nu;
        listen *:80;
        listen [::]:80 ipv6only=on;
        return 301 https://www.psykolog.nu$request_uri;
}

#redirect all www to non-www 443
server {
        server_name www.psykolog.nu;
        ssl_certificate /location ;
        ssl_certificate_key /location;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        listen *:443 ssl;
        listen [::]:443 ssl ipv6only=on;
        return 301 https://psykolog.nu$request_uri;
}
```


#46

This definition

isn’t used. If this block were used, my tool would see a redirect http + www -> https + non-www, which would be a Grade E.

But you don’t have a Grade E. Your last check ( https://check-your-website.server-daten.de/?q=psykolog.nu ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://psykolog.nu/ 178.79.154.124 | 301 | https://psykolog.nu/ | 0.046 | A |
| http://www.psykolog.nu/ 178.79.154.124 | 301 | https://www.psykolog.nu/ | 0.047 | A |
| https://psykolog.nu/ 178.79.154.124 | 200 | | 5.217 | A |
| https://www.psykolog.nu/ 178.79.154.124 | 200 | | 5.203 | A |

So you have a second server with the same server name (or the default) and port 443 without a redirect.
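The checks discussed in this thread, as an added example (not code from any poster and not the check tool's own logic): it takes the status and redirect target recorded for each of the four URL variants, follows the chains, and reports the conditions the posts name. The function names, the `OBSERVED`/`FIXED` tables and the wording of the findings are assumptions made for illustration; the observed values are copied from the check table above.

```python
from urllib.parse import urlsplit

# Constructed from the check table in this thread: URL -> (status, Location or None).
OBSERVED = {
    "http://psykolog.nu/": (301, "https://psykolog.nu/"),
    "http://www.psykolog.nu/": (301, "https://www.psykolog.nu/"),
    "https://psykolog.nu/": (200, None),
    "https://www.psykolog.nu/": (200, None),
}
# Constructed: the same table once https + www redirects as proposed in #45.
FIXED = {**OBSERVED, "https://www.psykolog.nu/": (301, "https://psykolog.nu/")}

def final_url(url, table, max_hops=10):
    """Follow recorded redirects and return the URL that answers without a 3xx."""
    seen = set()
    for _ in range(max_hops):
        if url in seen:
            raise ValueError(f"redirect loop at {url}")
        seen.add(url)
        if url not in table:  # redirect leaves the set of checked URLs
            return url
        status, location = table[url]
        if status not in (301, 302, 307, 308) or location is None:
            return url
        url = location  # assumes absolute Location values, as in the table
    raise ValueError("too many redirects")

def audit(table):
    """Return findings for the scheme/host variants of one site."""
    findings = []
    ok = sorted(u for u, (status, _) in table.items() if status == 200)
    if len(ok) > 1:  # the "more than one version with status 200" condition
        findings.append("more than one version with status 200: " + ", ".join(ok))
    for url, (_, location) in table.items():
        if location is None:
            continue
        src, dst = urlsplit(url), urlsplit(location)
        # Per #46, http + www -> https + non-www in a single hop is graded down.
        if src.scheme == "http" and dst.scheme == "https" and src.hostname != dst.hostname:
            findings.append(f"{url} changes scheme and host in one step")
    finals = {final_url(u, table) for u in table}
    if len(finals) > 1:
        findings.append(f"{len(finals)} different final URLs instead of one")
    return findings

if __name__ == "__main__":
    for name, table in (("observed", OBSERVED), ("fixed", FIXED)):
        print(name, audit(table) or "one preferred version")
```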