Can you fill out answers to the other questions in the questionnaire below?
Can you also show us the Apache virtual host(s) involved? And any other SSL-related settings from
httpd.conf or other included files?
options-ssl-apache.conf file doesn’t do anything on its own. Apache doesn’t look in
/etc/letsencrypt/ unless it’s told to. If you use Certbot’s apache installer to configure Apache, it will add an
Include directive to use it. If you used
certbot certonly, or removed the
Include from Apache’s configuration, that file won’t be involved.
Looking at the SSL Labs report for your website, it looks like you’re not using the Certbot Apache configuration – your settings are more secure than it is!
(Certbot’s Apache defaults are based on an older version of Mozilla’s intermediate configuration. They’re still fine, but contain some bottom-priority, mediocre settings that security scanners will warn about and that could be removed.)
Taking a quick look at what the Internet.nl scan says, not everything it says looks necessary or common (though not bad). Copying Mozilla’s current modern or intermediate configuration and ignoring any remaining complaints Internet.nl has would work.
Additionally, SSL Labs reports an issue with how Apache is configured: Your certificate is sent twice, which is incorrect, wastes bandwidth and will make some clients unable to access your website. There’s probably an issue with how
SSLCertificateChainFile are set.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):