Everything seems to work fine; however, Firefox on Android returns "Secure Connection Failed" (Firefox on Windows works just fine). It also says "The page you are trying to view cannot be shown because the authenticity of the data could not be verified" and "Please contact the website owners to inform them of this problem".
My domain and hosting provider is Namecheap (I have shared hosting). I contacted their support, and they told me I should contact you ("As for the domain mansimaheta.com, the issue is related to the SSL certificate. According to our check, the domain uses SSL by Let's Encrypt. It would be necessary to contact their support.").
My issue seems to be distinct from this issue:
Because as far as I can tell, the SSL Labs test does not return ‘This server’s certificate chain is incomplete’.
Also, Chrome on Android works for me.
Not sure whether this helps, but this is what I see in cPanel:
Firefox (98.0) on Windows definitely does not work fine: it complains MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
No, it doesn't. But it does tell you something else:
This server certificate supports OCSP must staple but OCSP response is not stapled.
So you should either tell your hosting to enable OCSP stapling or to avoid asking for the ocsp-must-staple extension (it's better if they actually do both).
OK, that WordPress plugin is not very good at explaining what it does when asking about OCSP.
The "Enable OCSP" switch they added actually enables OCSP must staple; that can be useful, but it's usually not. OCSP must then be enabled at the web server level, in cPanel, probably.
What pisses me off is that they forced you to obtain a certificate in this nearly manual way instead of just making you throw a switch in cPanel. Assholes.
I'd look for another hosting provider. There are several that offer literally effortless configuration of Let's Encrypt certificates.
Hello,
thanks for the detailed response!
I just received the response below from Namecheap; I guess the thread can be closed.
OCSP Stapling requires global-server changes which, unfortunately, cannot be implemented on Shared hosting.
Thus, to our deepest regret, we will not be able to change this for your domain. If you would like to use specifically Let's Encrypt for this domain, you can consider using our VPS servers for it.
Enabling OCSP stapling has no negative effect on people that don't need it.
In the meantime you can disable OCSP must-staple and get another certificate, but really think about getting a hosting that automatically installs Let's Encrypt certificates for you.
Your current one doesn't because they want to sell you their certificates.
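A check for the mismatch diagnosed in this thread (the certificate asks for OCSP must-staple but the server sends no stapled response), as an added example that is not from any poster in the thread. The function names and the sample `openssl` output are constructed for illustration, and `HOST` in the comments is a placeholder.

```shell
#!/bin/sh
# Live capture (needs network; HOST is a placeholder for your domain):
#   hs=$(openssl s_client -connect "$HOST:443" -servername "$HOST" -status </dev/null 2>/dev/null)
#   cert=$(printf '%s\n' "$hs" | openssl x509 -noout -text)
#   diagnose "$cert" "$hs"

# True when `openssl x509 -text` output shows the TLS Feature extension
# (OID 1.3.6.1.5.5.7.1.24) listing status_request, i.e. OCSP must-staple.
# Assumes an OpenSSL version that prints the extension by name.
cert_requires_staple() {
  printf '%s\n' "$1" | awk '
    /TLS Feature/ { in_feat = 1; next }        # value is on the following line
    in_feat && /status_request/ { found = 1 }
    in_feat { in_feat = 0 }
    END { exit (found ? 0 : 1) }'
}

# True when `openssl s_client -status` output contains a good stapled response.
handshake_has_staple() {
  printf '%s\n' "$1" | grep -q 'OCSP Response Status: successful'
}

# Prints NO_MUST_STAPLE, MUST_STAPLE_OK or MUST_STAPLE_BROKEN.
# MUST_STAPLE_BROKEN is the state Firefox rejects with
# MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING.
diagnose() {
  if ! cert_requires_staple "$1"; then echo NO_MUST_STAPLE
  elif handshake_has_staple "$2"; then echo MUST_STAPLE_OK
  else echo MUST_STAPLE_BROKEN
  fi
}

# Constructed sample output (not captured from any real server).
CERT_MUST_STAPLE='        X509v3 extensions:
            TLS Feature: 
                status_request
            Authority Information Access: 
                OCSP - URI:http://ocsp.example.test'
CERT_PLAIN='        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.example.test'
HANDSHAKE_NO_STAPLE='CONNECTED(00000003)
OCSP response: no response sent'
HANDSHAKE_STAPLED='CONNECTED(00000003)
OCSP response: 
OCSP Response Data:
    OCSP Response Status: successful (0x0)'

diagnose "$CERT_MUST_STAPLE" "$HANDSHAKE_NO_STAPLE"   # the situation in this thread
```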