SSL from Certbot not trusted by Fortiguard?

Hello,

I'm quite new at this, sorry if the message is missing infos.
I recently followed a great tutorial on making an API and deploy it on a VPS. I have setup Nginx and used Certbot to generate my SSL certificate. At home on my wifi, and with my mobile's datas, it works great. However, on my office's wifi, I cannot access it. Fortiguard blocks my website. My office's wifi is not that special, as I can access really any websites.

How can I make it trusted by Fortiguard ?

I did a test on SSL Labs and it looked good. I then used that really advanced website to find some improvements but I cannot understand everything : mygrid.princeprod.com - Make your website better - DNS, redirects, mixed content, certificates
Also, on the Fortiguard web filter look up website (Web Filter Lookup | FortiGuard Labs), my domain is in the category 'Newly Observed Domain'. Is it related ?

I'd love to know what should I improve on my server side.

Thank you !

My domain is: mygrid.princeprod.com

I ran this command: GET request

It produced this output: NET::ERR_CERT_AUTHORITY_INVALID

My web server is (include version): Linux 6.8.0-53-generic

The operating system my web server runs on is (include version): Ubuntu 24.04.2 LTS

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 3.2.0

wait 30 min and try agian? it may hard for you to keep enough people visited so it doesn't get evicted from FDN cache

Looks that Fortiguard tried to man-in-the-middle your connection to display a block page. This usually require importing a private CA certificate from the filtering software.

Hi again,

Thanks for your answers.
I waited and it looks like Fortiguard still blocks me. I sent a new request to rate my website : Web Filter Classification Rating Request | FortiGuard Labs

I'll keep this post updated.

Hello,

Good news: my website is now working on a Wi-Fi setup with Fortiguard. I'm writing down my solution to help other people out.

Fortiguard rate websites into categories to help ITs protect their network. ITs can decide which category to block instead of writing an endless white list. To know into what category your website is registered, you can type your domain into the Fortiguard Web Filter Look up : Web Filter Lookup | FortiGuard Labs

When you create a website, it will be rated as a "Newly Domain Observed" (NDO) or "Newly Registered Domain" (NRD). After some time (see orangepizza linked article), Fortiguard put your website into the 'Not rated' category.

Naturally, ITs block the 'Not Rated' category (and the NDO / NRD), so you have to change the rating of your website on Fortiguard by sending a request here : Web Filter Classification Rating Request | FortiGuard Labs

If Fortiguard accepts your request, your website's category will be updated (they will send you a confirmation via an email).

Thanks guys for helping!