What can I do to remove the second certificate? The unknown certificate is causing errors to some users. The URL is kimarineadventures.com. Thank you in advance.
When the test is executed on SSL Labs server assessment for kimarineadventures.com the test fails with Assessment Error: No secure protocols supportedAfter further investigation, it was observed that your server redirects from http://kimarineadventures.com to http://kimarineadventures.com.au to https://kimarineadventures.com.au, that is the reason SSL Labs gives that assessment error.
For https://kimarineadventures.com.au assessment result resolves to two IP addresses:
In your IPv4 address, the servers respond with two certificates:
In your IPv6 address, the server responds with one certificate. It responds with a certificate having different names (www.abcaccountants.com.au abcaccountants.com.au) in alternative names which are used for validation by the majority of the modern browsers. I would request you to check your server configuration for IPv6 and replace the certificate with that of IPv4 address certificate #1
All the client/browser connecting with your IPv6 servers will be getting an invalid certificate because of the above reason. You can follow the above approach.
I echo what Nauman wrote and I will add the following.
To remove the second certificate you will need to edit the web server or load balancer config. It looks to me like you are using the Apache HTTP web server. If so, then you will want to look for the `SSLCertificateFile` Apache directive in your Apache HTTPD configuration file(s). You will probably find the `SSLCertificateFile` Apache directive in two places in your configuration file(s) instead of just one. The `SSLCertificateFile` directive you want to keep is probably inside a `VirtualHost` definition block with a `ServerName` directive equal to `kimarineadventures.com.au`. You will want to remove the other (incorrect) `SSLCertificateFile` directive and restart Apache HTTPD.
As for the IPv6 host, its certificate has a common name of `www.abcaccountants.com.au`. If the IPv6 address is pointing to the same, multi-homed server as the IPv4 address, then you will need to further update your Apache HTTP configuration. However, If this IPv6 address is not pointing to the same server as the IPv4 address, then perhaps it is a DNS mistake and you need to update the AAAA record to the correct IPv6 address from the same host as the IPv4 address or remove the AAAA record for `kimarineadventures.com.au`.
Lastly, that TLS configuration needs other improvements as well. If you'd like a quick and easy way to generate a good enough TLS configuration to get an A from SSL Labs, then you should consider the Mozilla SSL Configuration Generator.
Retrieving data ...