Been selling SSL certificates for a while and the most common support question is some variation of "I got an F on SSL Labs, what do I do now?"

SSL Labs is great but it tells you is wrong, not to fix it. And if you're behind Cloudflare it'll flag TLS 1.0/1.1 as your problem when it's actually the CDN edge keeping it for backward compatible.

So I built this: you drop a domain, it runs our server-side checks via OpenSSL (not browser JS), detects if there's a CDN in front, and for every issue it gives you the exact directive to fix it — Nginx, Apache, IIS, HAProxy and more.

Example: instead of "TLS 1.0 detected", you get:

  server { ... }
  ssl_protocols TLSv1.2 TLSv1.3;

...for your specific server software.

I Would love feedback, especially if you hit a false positive on the CDN detection or the fixes are wrong for your stack.