Current time: 07-04-2020, 08:24 PM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
05-21-2020, 01:21 AM (This post was last modified: 05-21-2020 01:23 AM by Dennis The Menace.)
Post: #1
First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
Dear Forum

We asked about this already a year ago, but we still have not found a proper solution. https://www.webpagetest.org/forums/showt...?tid=15749

Our Server is completely up-to-date. Qualsys gives us an A+ and likes TLS 1.3 We even have HTTP2 running... Testing from the US or Europe does not make a difference either.

To obtain a grade A here, we have to strip the intermediate Letsencrypt certificate, but - in doing so - Qualsys will then complain. With a full certificate Qualsys is happy, but here, we get a B.

Grade A :: ~400 ms :: [Stripped with just the first certificate]
https://www.webpagetest.org/performance_..._byte_time
-----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgISBMS6zrlqkiTZjNc5rlVXhjhbMA0GCSqGSIb3DQEBCwUA
*** 33 lines in between ***
4V/GVuFPm3bQLHl8kzk=
-----END CERTIFICATE-----


Grade B :: ~800 ms [Not stripped with first and intermediate certificate]
https://www.webpagetest.org/performance_..._byte_time
----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgISBMS6zrlqkiTZjNc5rlVXhjhbMA0GCSqGSIb3DQEBCwUA
*** 33 lines in between ***
4V/GVuFPm3bQLHl8kzk=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
*** 23 lines in between ***
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

Does anybody know how the have an A (for First Byte Time) here and an A+ with Qualsys at the same time - using Letsencrypt? Thanks so much.

Dennis
Find all posts by this user
Quote this message in a reply
05-26-2020, 02:35 AM
Post: #2
RE: First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
I think it's a bug but would have to check the code to be sure

Looking at the waterfalls it seem WPT seems to be interpreting the intermediate cert coming from LetsEncrypt as the TTFB for the test, rather than using the TTFB from the origin

Andy

Using WebPageTest - http://usingwpt.com/
Visit this user's website Find all posts by this user
Quote this message in a reply
05-26-2020, 10:39 PM
Post: #3
RE: First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
Hi Andy,

Yes, it would be great if that bug could be fixed for us "LetsEncrypters". The Server and its data center has everything "On Steroids"; and, as such, should score an A here. (Which it does without the intermediate certificate).

A newer test with a new (full) LetsEncrypt certificate - scoring B only:

https://webpagetest.org/performance_opti..._byte_time

Please let me know when this is fixed. Thanks so kindly.
Dennis
Find all posts by this user
Quote this message in a reply
05-27-2020, 12:29 AM
Post: #4
RE: First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
While the LetEncrypt issue is a pain and gives results that credit a site with being faster than it is

The real challenge you've got is the TTFB for your site is really 700ms+ and fixing the LetEcrypt issue won't change that

Andy

Using WebPageTest - http://usingwpt.com/
Visit this user's website Find all posts by this user
Quote this message in a reply
05-27-2020, 12:34 AM
Post: #5
RE: First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
Hi Andy,

However; without the intermediate certificate, we get ~400! and 'A"!

Would you like me to attach such test result?

Thanks
Dennis
Find all posts by this user
Quote this message in a reply
06-06-2020, 08:40 PM
Post: #6
RE: First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
Anybody? Due to the setup of our infrastructure - and being right on the back-bone, we should get the best possible scores here.
Find all posts by this user
Quote this message in a reply
06-09-2020, 09:09 PM
Post: #7
RE: First Byte Time LetsEncrypt Cert: 'A' without intermediate cert; 'B' with
The fundamental problem is the time it takes for your site to serve the html response.

In the tests you attached at the top, there's ~500ms between the time the browser sends the request and when it first gets a response back (look at the light and dark blue parts of the bar in the waterfall)

You need to look at why this is taking as long as it is

Also as it looks like you're based in Germany, I'd test with one of the German locations (probably AWS Frankfurt) to eliminate the transatlantic latency

Andy

Using WebPageTest - http://usingwpt.com/
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)