My domain is: https://bit.net (using multi-domain cert)
Cert works everywhere (including the paired iPhone (IOS 14) but not on the Apple Watch (Watch OS 7).
Watch says certificate is invalid. Is this a known problem and is there a fix?
2 Likes
Welcome to the Let's Encrypt Community, Ira 
It's possible that the intermediate certificate might not be included, which can cause certain browsers to say that a certificate is not valid because it can't verify the chain.
Yep. Here's the correct cert with chain:
https://whatsmychaincert.com/generate?include_leaf=1;host=bit.net
You want to change your webserver configuration to serve fullchain.pem instead of cert.pem .
3 Likes
Now that is a cool tool !
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it 
]
2 Likes
You want to change your webserver configuration to serve fullchain.pem instead of cert.pem.
2 Likes
It's really cool, but most users would probably be better-served by finding how to use their ACME client's existing chain selection mechanism rather than by hard-coding their servers to the currently-correct chain provided by this tool. 
5 Likes
@schoen I would definitely agree: This tool should only be used for comparison (or in a dire emergency).
I would not endorse using such a tool in any kind of a scripted/programmatic or in a routine procedure.
It shouldn't even be part of any setup/install guide.
To me, it can serve a completely different purpose(s):
It can quickly show a correct "working example" to those that don't see how their chain is "incorrect".
Or get someone quickly out of a jam when all they have been able to recover is their private key.
[definitely not a common occurrence - but good to know]
So it could be included as a tool for a troubleshooting/repair guide.
In summary: I guess I should have used more words - it's funny just reading that line.
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]
3 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.