Site verification problem

I’m having a problem and I’d like your help. There is an e-commerce site, which we use Letsencypt, however, this has had problems racking on Google. In testing with the https://moz.com/ tool, when we use SSL the tool can not read the site. We think it’s the same problem with Google.

Is there anything I can do? Any configuration?

My domain is:

Certificates
crt.sh ID Logged At ⇧ Not Before Issuer Name
216894018 2017-09-24 2017-09-24 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
215043704 2017-09-21 2017-09-21 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
213854205 2017-09-20 2017-09-20 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
208267751 2017-09-11 2017-09-11 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
206719527 2017-09-09 2017-09-09 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
204321229 2017-09-04 2017-09-04 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
202995552 2017-09-02 2017-09-02 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
201041025 2017-08-29 2017-08-29 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
195509902 2017-08-21 2017-08-21 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
195508741 2017-08-21 2017-08-21 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
194400836 2017-08-20 2017-08-20 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
194277888 2017-08-19 2017-08-19 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
184405590 2017-08-05 2017-08-05 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
182661826 2017-08-02 2017-08-02 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
174751057 2017-07-18 2017-07-18 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
174754909 2017-07-18 2017-07-18 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
174750779 2017-07-18 2017-07-18 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
174746395 2017-07-18 2017-07-18 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
167658651 2017-07-06 2017-07-06 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
167658140 2017-07-06 2017-07-06 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
167652845 2017-07-06 2017-07-06 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
124470435 2017-04-20 2017-04-17 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA

My web server is (include version):

Apache2 - 2.4.7-1ubuntu4.18 amd64

The operating system my web server runs on is (include version):

Ubuntu Linux

Hi @evertonaramuni,

You site has several issues that you can view using ssllabstest https://www.ssllabs.com/ssltest/analyze.html?d=3dfila.com.br&hideResults=on

You need to specify the intermediate cert for Let’s Encrypt, as you are using Apache 2.4.7 you should have this configuration in your VirtualHost (changing yourdomain by your right domain inside letsencrypt structure):

SSLCertificateFile      /etc/letsencrypt/live/yourdomain/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/yourdomain/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain/chain.pem

So I guess you don’t have the last directive SSLCertificateChainFile and you should because it loads the intermediate cert.

The other issues are regarding the cipher suite used, you allow insecure ciphers like RC4, etc.

If you want advice to known what could be a right configuration for your Apache, take a look to this page: https://mozilla.github.io/server-side-tls/ssl-config-generator/

Also, your site is serving contents using http instead of https, for example, your main.js file is trying to load content from these pages (http sites):

http://maps.gstatic.com/maps-api-v3/api/js/20/10/common.js
http://maps.gstatic.com/maps-api-v3/api/js/20/10/util.js
http://maps.gstatic.com/maps-api-v3/api/js/20/10/stats.js

And it should load them using https:

https://maps.gstatic.com/maps-api-v3/api/js/20/10/common.js
https://maps.gstatic.com/maps-api-v3/api/js/20/10/util.js
https://maps.gstatic.com/maps-api-v3/api/js/20/10/stats.js

I saw also you were using SSL3 but now seems you have corrected that in your Apache conf

Good luck,
sahsanu

Dear Sahsanu,

Thank you very much for your support.

Could you check if it’s ok now? I have made the requested changes.

Hi @evertonaramuni, your Apache conf for TLS looks good now

You need to solve the other issue, your wordpress pluging usermap is trying to load 3 external files using http instead of https so some browsers (like Firefox) detect them as mixed content so doesn’t load them and show a warning.

imagen.png1142×910 239 KB

If you fix that you are done (at least for me)

Cheers,
sahsanu

Excellent.

I will request the adjustment and inform you.

Thank you very much.

Não costumo comentar no conteúdo dos sites porque todos têm o mesmo direito de pedir ajuda aqui, seja que for o conteúdo do site. Mas nesse caso arrisco dizer como é legal saber que ainda tem muito interesse pela impressão 3D no Brasil. (Tenho um amigo brasileiro que trabalhava na área.) Boa sorte com seu site!

Boa tarde.

Conseguimos resolver com a ajuda do @sahsanu.

Muito obrigado pela ajuda!!

Grande abraço.

Everton

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.