Does /g/ live up to its big mouth? Prove it here.
https://www.ssllabs.com/ssltest/index.html
https://observatory.mozilla.org/
All the websites I run are pretty small so I don't care about compatibility. But I don't pin my certificates (I should enable CAA, though, but my Nameserver doesn't support it) because I don't trust myself to prevent a catastrophic fuckup.
>>60433255
That's just fine, Anon. I can afford exclusively using the stronger cipher suites and TLS 1.2 only, but if you serve a lot of customers you really have to make concessions, I get it. You're doing great. Are you using your own name servers or some third party's, btw?
I got an f
>>60434529
Great stuff, sport.
Are these yours?
Using cloudflare
Not using cloudflare
By the way, where can i get certificates for free?
>>60436314
Let's Encrypt
Meh. I have a cert from LetsEncrypt, but it's hosted on a RPi that's piggybacked on my local coffeeshop's network.
They left the config pw on default so I opened some ports :^)
>>60436421
Thanks
>>60436508
Forgot pic
Just quickly got CAA set up in my zone file, but it was A+ before that.
>>60436529
Those scores should be enough for an A+. What's capping you to an A?
>>60436828
Don't have CAA set up, I think
>>60436845
CAA isn't necessary for an A+
>>60436314
I use AWS to host my site on S3.
They have a free SSL cert service that is quite nice, and you can attach the cert to a CloudFront instance which is their CDN service.
Of course it is easier to have everything on AWS like I am doing, but your Cloudfront can be a cdn/cache for any domain.
>>60437561
My site setup this way got "A" on ssllabs.com for the ip4 hosts, and a warning apparently due to the ip6 hosts.
Got an F from mozilla for reasons in pic. I am using mostly default settings on cloudfront so I don't know if those issues can be fixed.
>>60437943
>>60438244
>not needed since site contains no script tags
good for you anon