AdGuard Home Certificate chain is invalid

I am using Ubuntu 22 VPS hosted by Interserver.net

I ran the certbot to obtain a encryption certificate (pem) and everything went find. There were no errors doing it.

When I go to enter the information into AdGuard Home the private key entry has no location.

The certificate however shows the following:

In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on letsencrypt.org or you can buy it from one of the trusted Certificate Authorities.

Status:

• Certificate chain is invalid
• Subject: CN=arandomdomain.net
• Issuer: CN=R3,O=Let's Encrypt,C=US
• Expires: 2023-08-12 17:36:58
• Hostnames: arandomdomain.net

Any ideas how to get rid of that error?

Hello @jkshowers, welcome to the Let's Encrypt community.

Have a look at Long (default) and Short (alternate) Certificate Chains Explained

Also:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

Domain: arandomdomain.net

These are the commands I used:

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot certonly --standalone

Output was no errors and a Cetificate (SSL) and private key were created in the following directory

/etc/letsencrypt/live/arandomdomain.net/fullchain.pem

Error given in adguard:

Status:

• Certificate chain is invalid
• Subject: CN=arandomdomain.net
• Issuer: CN=R3,O=Let's Encrypt,C=US
• Expires: 2023-08-12 17:36:58
• Hostnames: arandomdomain.net

/etc/letsencrypt/live/arandomdomain.net/privkey.pem

Good to go message:

Status:

• This is a valid ECDSA private key

I am not sure the webserver I am using to be honest. But the server giving me the error is AdGuard Home.

Ubuntu 22 is the OS

Interserver.net is the hosting provider

I do have root access in SSH

No control panel is installed outside of AdGuard Home

Certbot should be the latest version as it was installed yesterday

I find no IP Addresses for the domain name.

>nmap -4 -Pn -p80,443 arandomdomain.net
Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-15 19:08 UTC
Failed to resolve "arandomdomain.net".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.44 seconds

>nmap -6 -Pn -p80,443 arandomdomain.net
Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-15 19:08 UTC
Failed to resolve "arandomdomain.net".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.29 seconds

And using the online tool Let's Debug yields these results https://letsdebug.net/arandomdomain.net/1481727

image1095×772 10.9 KB

and https://letsdebug.net/arandomdomain.net/1481728

image1099×496 7.71 KB

Yes.
#1 Use the "long chain"
#2 Use another free CA
#3 Verify the correct cert files in use:
Which files did you provide to Adguard?
#4 Upgrade Adguard to latest version
#5 Windows Updates

The domain name servers are not reporting information about the domain

image1074×822 19.8 KB

$ nslookup -q=ns arandomdomain.net
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find arandomdomain.net: SERVFAIL

$ nslookup -q=ns arandomdomain.net DNS2031A.TROUBLE-FREE.NET.
Server:         DNS2031A.TROUBLE-FREE.NET.
Address:        64.20.52.123#53

** server can't find arandomdomain.net: REFUSED

Sounds... a bit made up.

Could you perhaps explain a little bit more why you're trying to get a certificate installed in your "AdGuard Home"?

Are you following instructions such as these?

Did you paste the cert.pem file or the fullchain.pem file (should be the latter)

And, what do you mean there was no spot for the private key. Does your screen not look like here in Configure AdGuard Home

Thank you all so much for reaching out and the help. The DNS for the domain hand;t quite set up and needed a tweak. I figured that out when one of you mentioned and showed the domain errors. I reformated the server. Reran the certbot and then installed AdGuard Home and did it again and all went through.'

Thank you Thank you Thank

J K

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.