My web server is (include version): Apache 2.4.29 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.2 LTS Server
My hosting provider, if applicable, is: Contabo
I can log in to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 0.39.0
Hi there,
I have generated certificates for my domain via certbot, and configured them in Apache as SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile.
I am using the fullchain in the domain live folder for the chain file.
SSL is working as expected; however, the Qualys SSL Labs check is capping me to Grade B, saying:
"This server's certificate chain is incomplete. Grade capped to B."
I have looked at the chain file myself and it is generated automatically as the cert.pem contents followed by the chain.pem contents.
I would like to achieve an A+ and this is the only thing preventing me. How can I fix this without manually modifying the chain file every single renewal?
The current configuration is still incorrect. It’s sending your certificate twice and the intermediate certificate once. Many clients will ignore the extra certificate, but some are stricter and will be unable to connect.
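The duplicate certificate described in the reply, shown as an added example that is not part of the original thread: the layout from the question next to one that sends each certificate once. It assumes Certbot's default live directory and uses example.com as a placeholder domain.

```apache
# Constructed example. example.com is a placeholder for the real domain.
# The two blocks are alternatives; only one of them belongs in the site file.

# Before: the leaf certificate goes out twice.
# fullchain.pem is cert.pem followed by chain.pem, so using it as the
# chain file makes the server present cert.pem, cert.pem again, and then
# the intermediate.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>

# After (Apache 2.4.8 and later, which covers 2.4.29):
# SSLCertificateFile accepts the leaf followed by its intermediates, and
# SSLCertificateChainFile is deprecated, so fullchain.pem is the only
# certificate file needed. The server presents the leaf once, then the
# intermediate.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

# Equivalent split form, if SSLCertificateChainFile has to stay:
#   SSLCertificateFile      .../cert.pem
#   SSLCertificateChainFile .../chain.pem
```

The files under live/ are symlinks that Certbot repoints at each renewal, so neither corrected form needs manual edits afterwards. Run `apachectl configtest` and reload Apache, then check what is served with `openssl s_client -connect example.com:443 -showcerts`, which should list the leaf once.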