Hello,
I have renewed my SSL and in the browser by openeing the websites all is fine (green bar, no issues).
While testing: SSL Server Test: www.deltanet-production.de (Powered by Qualys SSL Labs) and SSL Server Test: gsales.deltanet-production.de (Powered by Qualys SSL Labs) I get Grad A which is fine (but with two Certtest o0?)
With testing: SSL Server Test: host.deltanet-production.de (Powered by Qualys SSL Labs) I get only Grade B because smth. is not recognizing the chain correctly.
It is a wildcrad certificate and all parts of it are placed in fields in my froxlor panel which works fine for the domain (links with Grade A) but the fqdn, which access the files in /etc/ssl, seems not be recognize the path even if it's equal to the configuration im my froylor installation so I wonder what is going wrong.
I also checked the Certs from Comodo but they are up to date.
Last question: Is this CAA required? What must I add? Only this DNS Record for it?
Thanks for any help
Your servers have problem with incomplete or incorrect certificate paths. When web server is accessed by browser web server should send to the browser leaf certificate (certificate of your domain) and all intermediate certificates (don't include root certificate in the path, because root is already trusted by browser) in correct order. I am not really familiar with Nginx (ssllabs.com test shows you have got this server), but seems this is the question you are asking: ssl - Nginx install intermediate certificate - Stack Overflow
CAA is a DNS server setting only. When new certificate is issued by certificate authority (CA), the CAA DNS record should be checked by CA and if correct record is written in DNS, then CA is allowed to sign your certificate request, if not CA should not sign certificate request. CAA is some kind of permission to CA to sign certificate request. This is currently on ssllabs.com only for info and does not influence grade. But if you would like to look into it, I suggest to see CAA Record Generator.