Cert Chain Incomplete on Ubuntu 14.04

Server
1

My certificate is trusted, but the chain is incomplete.

https://www.ssllabs.com/ssltest/analyze.html?d=emprestimopessoalonline.net.br

Server is Ubuntu 14.04 running Apache 2.4.7.

Some browsers do not accept this certificate as trusted.

How I solve this?

2

Did you configure your server using chain.pem instead of fullchain.pem?

3

I’ve got already solve my problem. But it was very complicated, because there is no help on the Internet.

Can not find practically no help material.

I used certbot to do my setup. And it created the setup using fullchain.pem.

What I did to solve the problem was:

  • /etc/apache2/sites-available/default-ssl.conf (back to the default)
  • /etc/apache2/sites-available/000-default.conf (I will show below how I set up my virtual host)

#HTTPS://EMPRESTIMOPESSOALONLINE.NET.BR
<VirtualHost *:443>

ServerAdmin contato@sobralsites.com
DocumentRoot "/var/www/emprestimopessoalonline.net.br"
ServerName emprestimopessoalonline.net.br
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/emprestimopessoalonline.net.br/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
</Directory>

SSLEngine ON
SSLCertificateFile /etc/letsencrypt/live/emprestimopessoalonline.net.br/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/emprestimopessoalonline.net.br/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/emprestimopessoalonline.net.br/chain.pem

#HTTPS://WWW.EMPRESTIMOPESSOALONLINE.NET.BR
<VirtualHost *:443>

ServerAdmin contato@sobralsites.com
DocumentRoot "/var/www/emprestimopessoalonline.net.br"
ServerName www.emprestimopessoalonline.net.br
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/emprestimopessoalonline.net.br/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
</Directory>

SSLEngine ON
SSLCertificateFile /etc/letsencrypt/live/emprestimopessoalonline.net.br/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/emprestimopessoalonline.net.br/privkey.pem

This way it works well.

4

@schoen That’s for Apache 2.4.8 and above :wink:

@hellstoncrusher You forgot the ChainFile for the www vhost.

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.