Attached three screenshots.
Everything seems fine in Firefox and Safari. Chrome says that the certificate is signed by an unknown authority.
Chrome: Version 53.0.2785.143 (64-bit)
Your web server isn’t configured to send the entire certificate chain. Some web browsers are more forgiving than others. Firefox, for example, isn’t actually “fine”. It will work for users who have successfully visited other websites using Let’s Encrypt (and cached the missing intermediate), and will fail with a similar error message for those who have not.
https://whatsmychaincert.com/
https://www.ssllabs.com/ssltest/analyze.html?d=api.csbubbles.com&hideResults=on
What web server are you using? For example, with Apache, if you have something like this:
SSLCertificateFile /etc/letsencrypt/live/api.csbubbles.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.csbubbles.com/privkey.pem
you need to change it to:
SSLCertificateFile /etc/letsencrypt/live/api.csbubbles.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.csbubbles.com/privkey.pem
or (before Apache 2.4.8):
SSLCertificateFile /etc/letsencrypt/live/api.csbubbles.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/api.csbubbles.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.csbubbles.com/privkey.pem
2 Likes
Thanks Matt. I’ve added the SSLCertificateChainFile record, now it seems working fine in Chrome.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.