My domain is: cloudyhost.net
My web server is (include version): Apache 2.4.29 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.2 LTS Server
My hosting provider, if applicable, is: Contabo
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): Certbot 0.39.0
I have generated certificates for my domain via certbot, and configured them in Apache as SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile.
I am using the fullchain in the domain live folder for the chain file.
SSL is working as expected, however Qualys SSL Labs check is capping me to Grade B saying
This server’s certificate chain is incomplete. Grade capped to B.
I have looked at the chain file myself and it is generated automatically as the cert.pem contents followed by the chain.pem contents.
I would like to achieve an A+ and this is the only thing preventing me. How can I fix this without manually modifying the chain file every single renewal?