Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Read that screenshot carefully. The paragraphs next to the yellow “warning” triangles explain that your certificate is not valid for that subdomain.
The other warning message is explaining that you are not sending your intermediate certificate. This is usually due to using cert.pem instead of fullchain.pem in your Node.js application.
You need to fix both issues to get rid of the warning screen.
Well, your root domain looks like it is misconfigured in DNS:
macbiz.co. 600 IN A 13.52.95.200
macbiz.co. 600 IN A 184.168.131.241
It is pointing to two different servers, each of which have a different SSL setup. As a result, your online test is going to give random results, depending which server gets selected.
You should decide which server is correct, and remove the other one.
Please have a look at this screenshot, i think its properly installed now. but still showing chain certificate issue. i am using docker without having any web server.
I am using aws ubuntu, however when i tried to cd into /etc/letsencrypt/live/ it doesn’t want me to go there, says permission denied so i can’t view what is inside the folder.
but i tried the above commands that you gave me but it doesn’t work. am i missing something?
Indeed, the certificate files are by default only readable as root. If your Node.js process runs as a different user, then you need to find a way for that user to access those files.
You can use deploy hooks to copy the certificate and private key for your Node.js user, or you can use group permissions, or you can use ACLs.
OK. So the certificate inside /etc/letsencrypt is expired. But you can see that now the full chain is used, there is no complaint about a missing intermediate.
Where did you get your other (unexpired) certificate?
this is how i am using the certificate , as you can see i also put the chain certificate into my certs/ directory…
when i try to access the directory what you gave me … my application crashes so i tried to manually change directory and tried to access the location that you gave me but i am getting a permission issue.
can this be the reason that its not reading the files from that location because of having permission issue? can i generate ssl certificate somewhere so i could paste it into the text file like i am doing now?