We are using LetsEncrypt Lego SSL certificates and testing our websites with WebPageTest.org. After repeatedly testing we have concluded that we get a “B” and “820 ms First Byte Time” if we provide our own plus the LetsEncrypt’s Intermediate Certificate “Let’s Encrypt Authority X3 (IdenTrust cross-signed)” https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
However, if we cut out the intermediate certificate, we get an “A” and “432 ms First Byte Time”. So, by not providing an intermediate certificate, we can show a better result to our clients. However, a test like Qualys SSL Labs complains with “This server’s certificate chain is incomplete. Grade capped to B.”
What is the right thing to do here? A with WebPageTest.org or A with Qualys?
We are using our own server with the newest versions of Apache/OpenSSL/Lego, and loading the certificates like:
SSLCertificateFile "/htdocs/admin/lego/certificates/$hostname.crt" SSLCertificateKeyFile "/htdocs/admin/lego/certificates/$hostname.key"
We would like have an A with both tests. :-)[/size][/font]
Is this possible? Thanks for any suggestions.