"Undefined variable c" in third party service javascript & cert install error!

Viruses and worms
1

The code first: https://web.redhelper.ru/service/main.js?c=klinika
What is it? Content-Length: 2489
Content-Type: application/x-javascript
error

 found JavaScript
     error: undefined variable c

variable has not been previously declared!
Consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fweb.redhelper.ru%2Fservice%2Fmain.js%3Fc%3Dklinika
Certificate has not been implemented properly:

Please contact the Certificate Authority for further verification.
You have 1 error
Certificates installed in the wrong order.
Some certificates in the chain are installed in the wrong order. See details below. Reinstall the certificates in the proper order.
Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended.
Common name:
*.redhelper.ru
SAN:
*.redhelper.ru, redhelper.ru
Valid from:
2015-Sep-16 00:00:00 GMT
Valid to:
2016-Sep-15 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:

Organizational unit:
PositiveSSL Wildcard,Domain Control Validated
City/locality:

State/province:

Country:

Certificate Transparency:
Not embedded in certificate
Serial number:
a36dbb32c1b01077ea103cd20bec38a5
Algorithm type:
SHA256withRSA
Key size:
2048
Certificate chainShow details
COMODO RSA Domain Validation Secure Server CAIntermediate certificate
COMODO RSA Certification AuthorityIntermediate certificate
AddTrust External CA RootRoot certificate
*.redhelper.ruTested certificate
Server configuration
Host name:
37.230.220.33
Server type:
nginx/1.1.19
IP address:
37.230.220.33
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Not Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled

polonus (volunteer website security analyst and website error-hunter)