https://crt.sh/?q=cms.ci-systems.com
My domain is: https://cms.ci-systems.com/
when I check the domain on many ssl checkers I got an error
"The certificate is not trusted in all web browsers."
My web server is (include version): windows server 2016
The operating system my web server runs on is (include version): windows server 2016
I tried to install the root certificate from Chain of Trust - Let's Encrypt - Free SSL/TLS Certificates but it's still getting error
You're not supposed to send root certificates as part of the chain. You should include the intermediate certificate which is directly used to sign the end leaf certificate: it's missing currently:
osiris@erazer ~ $ openssl s_client -connect cms.ci-systems.com:443
CONNECTED(00000003)
depth=0 CN = cms.ci-systems.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = cms.ci-systems.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = cms.ci-systems.com
verify return:1
---
Certificate chain
0 s:CN = cms.ci-systems.com
i:C = US, O = Let's Encrypt, CN = R3
---
(...)
ok,
So what is the intermediate certificate thet i need to install and how to?
The ACME client you used should have provided it to you. As you can see from the output I've pasted above, your certificate is signed by the "R3" intermediate certificate from "Let's Encrypt".
I don't know, I have zero experience with Windows Server. Usually, the ACME client used would have installed the certificate for you, including the correct intermediate certificate. Unfortunately, you've chosen to remove a lot of the questions in the questionnaire, including which ACME client you've used.
In that case you might want to check the Certify The Web Community Forum as most experience on the Let's Encrypt Community (this one) is with certbot and some other Linux ACME clients.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.