Unable to get an A+ certificate for the URL after configuring Nginx to match all the parameters above 90%.
Kindly review the attached config and results and assist me in getting an A+ certificate.
Thanks in advance.
Your server has HTTP Strict Transport Security (HSTS) defined as 86400 seconds, which is 1 day.
The official SSL Labs rating guide has this info: "New grade A+ is introduced for servers with exceptional configurations. At the moment, this grade is awarded to servers with good configuration, no warnings, and HTTP Strict Transport Security support with a max-age of at least 6 months."
To get A+ you need to configure HSTS to at least 6 months = 180 days = 15552000 seconds.
But before changing this setting, you should make sure your web site is really working properly over https, because this setting is cached in end-user browsers, and if something goes wrong and you are forced to turn off https and enable only http, then those users will not be able to access your web site unless they clear the browser cache manually. Because your site already has HSTS turned on for 1 day, most probably your web site is already working fine. If you want to go step by step, then increase HSTS to a few days, like 3 days or something, and then increase the number. But it is up to you to decide how quickly you want to get to the required minimum of 6 months.
I have seen a lot of web server settings, and as I see it, a lot of servers just set it to 1 year = 31536000 seconds. I am not saying you should do this; this is just general practice.
Additionally, with the HSTS setting you can also define the includeSubDomains parameter, but don't do this if any of your subdomains is not capable of using https only. This setting is not required by the ssllabs.com test.
How to achieve an A+ rating?
The Importance of a Proper HTTP Strict Transport Security Implementation on Your Web Server
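A small checker for the max-age threshold discussed in the answer above, as an added example that is not part of the original thread or of SSL Labs' own code: it parses a Strict-Transport-Security header value following RFC 6797 and compares max-age with the 15552000-second minimum. The function names and the sample values are constructed for illustration.

```python
import re

SIX_MONTHS = 15552000  # 180 days, the A+ minimum quoted in the thread

# Directive names are HTTP tokens (RFC 6797 section 6.1).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.

    Returns a dict keyed by lower-cased directive name, or None when the
    header is unusable: malformed name, repeated directive, or a missing
    or non-numeric max-age.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:              # empty directives (trailing ";") are allowed
            continue
        name, sep, raw = part.partition("=")
        name, raw = name.strip().lower(), raw.strip()
        if not _TOKEN.match(name) or name in directives:
            return None           # bad name, or directive given twice
        if sep and len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]       # quoted-string form: max-age="31536000"
        directives[name] = raw if sep else True
    age = directives.get("max-age")
    if not (isinstance(age, str) and age.isascii() and age.isdigit()):
        return None               # max-age is required and must be digits
    directives["max-age"] = int(age)
    return directives


def meets_a_plus_hsts(value, minimum=SIX_MONTHS):
    """True when the header is valid and max-age is at least `minimum`."""
    parsed = parse_hsts(value)
    return parsed is not None and parsed["max-age"] >= minimum


if __name__ == "__main__":
    # Constructed samples; the first three use figures from this thread.
    for sample in ("max-age=86400", "max-age=15552000", "max-age=63072000",
                   "max-age=31536000; includeSubDomains", "includeSubDomains"):
        print(f"{sample!r:45} -> {meets_a_plus_hsts(sample)}")
```
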
Thank you so much for looking into this. After correcting this HSTS max-age=63072000 on my lab server, I am still not able to receive A+ on my lab server. Currently, no certificate has been uploaded, hence ignoring the certificate mismatch for this configuration, but still, ignoring the trust issue, it results in "A".
When you get "grade A", there are only two additional requirements to get "A+":
1. HSTS to at least 6 months.
2. Downgrade attack prevention.
Both in your case are done well.
I don't see any additional issue. There may be a bug in "If trust issues ignored then: A". It should be "A+".
Get a proper certificate on the test server or implement the HSTS solution in the production environment.
j-mailor is correct. Once the last warning, certificate not trusted, is cleared, then the grade of A+ will be given.