Dear Folks,
My domain is: lyra.foundation
I ran this command: letsencrypt --nginx -d www.lyra.foundation -d lyra.foundation
It produced this output: Produced a fullchain.pem all fine.
My web server is (include version): nginx
The operating system my web server runs on is (include version): Linux
My hosting provider, if applicable, is: It's a 128 GB RAM 12 Core Scaleway Bare Metal
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 1.12.0
I'm a bit baffled, because SSLLabs looks fine (besides a DNS warning) and both URLs https://lyra.foundation and https://www.lyra.foundation work fine on all of my devices.
But I'm receiving reports about a NET::ERR_CERT_AUTHORITY_INVALID warning in Chrome.
After some Google'ing, that seems to be sometimes caused by a missing Intermediate Certificate.
So I repeated the bash line:
echo | openssl s_client -connect lyra.foundation:443 -servername lyra.foundation 2>/dev/null | awk 'Certificate chain/,/---/'
But it yields seemingly good output:
Certificate chain
0 s:CN = www.lyra.foundation
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 18 09:06:22 2023 GMT; NotAfter: Sep 16 09:06:21 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
Could somebody check what might be the problem? Thanks a bunch.