Hi! I successfully generated the certificates, but sites are loading very slowly in browser.
the sites are on a debian jessie server where pound listens on port 443 and negotiaties the certificates, passing to varnish, passing to apache.
With curl I see:
$ curl -v https://www.qumran2.net * Rebuilt URL to: https://www.qumran2.net/ * Trying 188.8.131.52... * Connected to www.qumran2.net (184.108.40.206) port 443 (#0) * found 148 certificates in /etc/ssl/certs/ca-certificates.crt * found 597 certificates in /etc/ssl/certs * ALPN, offering http/1.1
here it waits 3 seconds, then continues:
* SSL connection using TLS1.2 / DHE_RSA_AES_256_GCM_SHA384 * server certificate verification OK * server certificate status verification SKIPPED * common name: www.qumran2.net (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: CN=www.qumran2.net * start date: Fri, 13 Oct 2017 20:08:40 GMT * expire date: Thu, 11 Jan 2018 20:08:40 GMT * issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 * compression: NULL * ALPN, server did not agree to a protocol > GET / HTTP/1.1 > Host: www.qumran2.net > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 200 OK < Date: Mon, 16 Oct 2017 08:02:32 GMT < Set-Cookie: PHPSESSID=ef1008e8acd174c8180384a421765e41; path=/ < Cache-Control: max-age=0, no-cache, no-store, must-revalidate, post-check=0, pre-check=0 < Pragma: no-cache < Set-Cookie: u=https%3A%2F%2Fwww.qumran2.net%2F; expires=Tue, 31-Oct-2017 08:02:32 GMT; Max-Age=1296000; path=/ < Set-Cookie: visited=1; expires=Mon, 16-Oct-2017 14:02:32 GMT; Max-Age=21600; path=/ < Set-Cookie: vecchioutente=1; expires=Sun, 23-Aug-2020 00:02:32 GMT; Max-Age=90000000; path=/ < Vary: Accept-Encoding < X-Mod-Pagespeed: 220.127.116.11-0 < Content-Type: text/html; charset=utf-8 < Age: 5266 < X-Cache: cached < Transfer-Encoding: chunked < Connection: keep-alive < Accept-Ranges: bytes < <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
I’m wondering if there is something wrong with the certificates…