Certificate chain incomplete

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: helpdesk.eosc-portal.eu

I ran this command:

It produced this output:

My web server is (include version): apache 2.4.6

The operating system my web server runs on is (include version): rhel 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0

SSL Server Test: helpdesk.eosc-portal.eu (Powered by Qualys SSL Labs) tells me my certificate chain is incomplete. I followed the instructions given in various other similar topics but without success.
My apache config looks like this:
SSLCertificateFile /etc/letsencrypt/live/helpdesk.eosc-portal.eu/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/helpdesk.eosc-portal.eu/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/helpdesk.eosc-portal.eu/chain.pem

Any ideas?

1 Like
2

I've cleared the SSLLabs checks cache and checked it again, as I didn't see anything wrong with your chain. It's now a grade A without any chain issues: SSL Server Test: helpdesk.eosc-portal.eu (Powered by Qualys SSL Labs) (Note for other Community members: it was capped to grade B due to no chain send by the server earlier today.)

Did you perhaps by any chance change or reload your Apache configuration regarding the chain? The configuration you're showing here is correct.

3 Likes
3

I only did a
openssl s_client -showcerts -connect helpdesk.eosc-portal.eu:443
on the shell.
Probably it was a caching problem in my webbrowser since my last changes

Thanks a lot.
Guenter

3 Likes
4

The SSLLabs site also caches check results so if you make a change to your webserver, you'll need to force it to run the test again by hitting the "Clear cache" button at the top of the page.

In any case, there was no chain before, but now there is, so all good!

4 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.