Certbot NET::ERR_CERT_AUTHORITY_INVALID error


#1

Hello!
All of a sudden I’m receiving this error when browsing my website teckzite.org
Today I am getting errors with Chrome and iPhone, Firefox is still fine.

Does anyone know what might be going on?

Any help will be appreciated.

Sandeep krishna


#2

Yes, the configuration of your server is wrong: https://www.ssllabs.com/ssltest/analyze.html?d=teckzite.org :

Chain issues Incomplete

Can you answer these questions?

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

The web server is Ubuntu 16.04
It’s a vps on Amazon lightsail


#4

How can I solve chain issues?


#5

By providing the chain file (given by your acme client). So it depends on your web server and acme client.

Can you answer these questions?

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: vps on Amazon lightsail

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

If you don’t understand these questions, maybe you can answer this one: How did you create the certificate the first time?


#6

My web server is apache (2.4.34)
Yes, I can login to a root shell on my machine
No, I’m not using control to manage my site


#7

Thank you,

How did you create/install/renew the certificate? Which acme client did you use?


#8

Using the certbot based on a tutorial.
I think it’s missing an intermediate certificate
How can I get one for us…?


#9

Certbot should have taken care of everything, but obviously it was not the case. Do you still have the link to the tutorial?

In your apache configuration you should see something like:

SSLCertificateFile      /etc/letsencrypt/live/<domain>/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/<domain>/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<domain>/chain.pem

If the SSLCertificateChainFile directive is missing, you should add it (with the correct file path for chain.pem of course, similar to the other one).

Apparently it’s because your apache version is <2.4.8: Recommended Apache config

If you pass fullchain.pem to SSLCertificateFile in Apache 2.4.8 or newer, it will automatically deal with chaining the intermediate for you.
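
An offline check for the misconfiguration diagnosed in this thread, as an added example that is not part of any poster's reply or of Certbot: it reads the two Apache certificate directives and counts PEM certificates to tell whether the intermediate will be served. The function names, the injected `read_file` callable and the example.org sample files are assumptions made up for the illustration.

```python
import re

# Matches SSLCertificateFile / SSLCertificateChainFile (not KeyFile, not commented lines).
DIRECTIVE = re.compile(r"^[ \t]*(SSLCertificate(?:Chain)?File)[ \t]+(\S+)", re.I | re.M)

def count_certs(pem_text):
    """Number of PEM certificate blocks in a file's text."""
    return pem_text.count("-----BEGIN CERTIFICATE-----")

def audit_chain(conf_text, read_file, apache_version):
    """Return findings for one vhost; read_file(path) -> text is injected (assumption)."""
    found = {name.lower(): path for name, path in DIRECTIVE.findall(conf_text)}
    cert, chain = found.get("sslcertificatefile"), found.get("sslcertificatechainfile")
    if cert is None:
        return ["no SSLCertificateFile directive found"]
    if chain:
        # Explicit chain file: it must actually contain the intermediate.
        if count_certs(read_file(chain)) == 0:
            return ["SSLCertificateChainFile holds no certificate"]
        return []
    if count_certs(read_file(cert)) < 2:
        # Leaf certificate alone: clients without a cached intermediate reject it.
        return ["incomplete chain: leaf only, no SSLCertificateChainFile"]
    if apache_version < (2, 4, 8):
        return ["intermediates in SSLCertificateFile need Apache 2.4.8 or newer"]
    return []

# Constructed sample data: placeholder PEM bodies and an example.org path, not real files.
FAKE_CERT = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
LIVE = "/etc/letsencrypt/live/example.org/"
FILES = {LIVE + "cert.pem": FAKE_CERT, LIVE + "chain.pem": FAKE_CERT,
         LIVE + "fullchain.pem": FAKE_CERT * 2}
BROKEN = (f"SSLCertificateFile      {LIVE}cert.pem\n"
          f"SSLCertificateKeyFile   {LIVE}privkey.pem\n")
FIXED = BROKEN + f"SSLCertificateChainFile {LIVE}chain.pem\n"
FULLCHAIN = BROKEN.replace("cert.pem", "fullchain.pem")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED), ("fullchain", FULLCHAIN)):
        print(label, audit_chain(conf, FILES.__getitem__, (2, 4, 34)))
```

Against a live server, pass `lambda p: open(p).read()` as `read_file` and run it as a user that can read `/etc/letsencrypt/live/`.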


#10

Yeah, the problem is solved…!
Actually,

SSLCertificateChainFile /etc/letsencrypt/live/<domain>/chain.pem

This line is missing in my configuration file. I’ve added it and now it works fine.

Thank you…!:relaxed:


#11

You’re welcome :grin:

