MyBB Internal: One or more warnings occured. Please contact your administrator for assistance.
WebPagetest Forums - First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with

WebPagetest Forums

Full Version: First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Dear Forum

We asked about this already a year ago, but we still have not found a proper solution. https://www.webpagetest.org/forums/showt...?tid=15749

Our Server is completely up-to-date. Qualsys gives us an A+ and likes TLS 1.3 We even have HTTP2 running... Testing from the US or Europe does not make a difference either.

To obtain a grade A here, we have to strip the intermediate Letsencrypt certificate, but - in doing so - Qualsys will then complain. With a full certificate Qualsys is happy, but here, we get a B.

Grade A :: ~400 ms :: [Stripped with just the first certificate]
https://www.webpagetest.org/performance_..._byte_time
-----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgISBMS6zrlqkiTZjNc5rlVXhjhbMA0GCSqGSIb3DQEBCwUA
*** 33 lines in between ***
4V/GVuFPm3bQLHl8kzk=
-----END CERTIFICATE-----


Grade B :: ~800 ms [Not stripped with first and intermediate certificate]
https://www.webpagetest.org/performance_..._byte_time
----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgISBMS6zrlqkiTZjNc5rlVXhjhbMA0GCSqGSIb3DQEBCwUA
*** 33 lines in between ***
4V/GVuFPm3bQLHl8kzk=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
*** 23 lines in between ***
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

Does anybody know how the have an A (for First Byte Time) here and an A+ with Qualsys at the same time - using Letsencrypt? Thanks so much.

Dennis
I think it's a bug but would have to check the code to be sure

Looking at the waterfalls it seem WPT seems to be interpreting the intermediate cert coming from LetsEncrypt as the TTFB for the test, rather than using the TTFB from the origin
Hi Andy,

Yes, it would be great if that bug could be fixed for us "LetsEncrypters". The Server and its data center has everything "On Steroids"; and, as such, should score an A here. (Which it does without the intermediate certificate).

A newer test with a new (full) LetsEncrypt certificate - scoring B only:

https://webpagetest.org/performance_opti..._byte_time

Please let me know when this is fixed. Thanks so kindly.
Dennis
While the LetEncrypt issue is a pain and gives results that credit a site with being faster than it is

The real challenge you've got is the TTFB for your site is really 700ms+ and fixing the LetEcrypt issue won't change that
Hi Andy,

However; without the intermediate certificate, we get ~400! and 'A"!

Would you like me to attach such test result?

Thanks
Dennis
Anybody? Due to the setup of our infrastructure - and being right on the back-bone, we should get the best possible scores here.
The fundamental problem is the time it takes for your site to serve the html response.

In the tests you attached at the top, there's ~500ms between the time the browser sends the request and when it first gets a response back (look at the light and dark blue parts of the bar in the waterfall)

You need to look at why this is taking as long as it is

Also as it looks like you're based in Germany, I'd test with one of the German locations (probably AWS Frankfurt) to eliminate the transatlantic latency
Reference URL's