@JuergenAuer, @jmorahan just an update, thank you so much for your help on this!
I ended up contacting GoDaddy by filling out their little “Would you recommend us?” survey and giving them a 1/10. (I worked as a BA for 17 years at Bell Aliant, so I know that survey results under a certain value get flagged and go to management.)
Sure enough, I was contacted by a senior product manager the next day (haha!)
Anyway, it was, as you had mentioned, a problem on the server I was hosting on. They gave me 2 free years of hosting on a different server for finding the bug (it took them a couple of weeks to deploy the fix on the server I had been on).
Apparently the reason they don’t have the Let’s Encrypt extensions on Plesk is it conflicts somehow with their certificates, since they are also a certificate authority. I couldn’t tell you if that’s just a bunch of hot air or not though!
He also said that the reason I can’t request a CSR for both www and no www on my domain actually has to do with how Plesk is set up, which isn’t something they can change. It seems odd to me that Plesk would force you to choose only one… He suggested trying to request a wildcard CSR in Plesk, which I haven’t done yet. What are your thoughts on the wildcard certs? I was reading that Let’s Encrypt does allow it now, but does it only allow it through Certbot?
My last question for you is that on SSL Labs, my grade is getting capped at B, with the following message. I want to write to the guy asking him if they are going to be upgrading/fixing this on their server soon, but don’t want to sound like an idiot. Would I just word it as such? (As in, are you planning on upgrading the server to support AEAD cipher suites?)
This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B
Your site should use secure cipher suites. AEAD is the only encryption approach without any known weaknesses. The alternative, CBC encryption, is susceptible to timing attacks (as implemented in TLS). AEAD suites provide strong authentication, key exchange, forward secrecy, and encryption of at least 128 bits. TLS 1.3 supports only AEAD suites. SSL Labs doesn’t currently reward the use of AEAD suites. In this grading criteria update we will start requiring AEAD suites for A.
Grade will be capped to B, if AEAD suites are not supported. As with forward secrecy, we will not penalize sites if they continue to use non-AEAD suites provided AEAD suites are negotiated with clients that support them.
Thanks so much for your help on this! The broken chain authority was causing weird issues: Instagram wouldn’t load my website in their app, and Pinterest wouldn’t bring up any images when trying to pin anything from my site either. So I’m really glad it’s working now!
All the best,