Certificate chain incomplete

#1

Hi there,

Using certbot to generate a certificate for andersonquigley.com, which works great.

However, doing an SSL test on sslabs tells me that the certificate chain is incomplete
https://www.ssllabs.com/ssltest/analyze.html?d=andersonquigley.com

I set up the apache vhost with:
SSLCertificateFile /etc/letsencrypt/live/andersonquigley.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/andersonquigley.com/privkey.pem

fullchain contains 2 -----BEGIN/END CERTIFICATE----- certificate blocks.

Any ideas what the problem could be?

#2

It sounds like you are using an old-ish version of Apache httpd.

Combined certificate format (fullchain.pem) support was introduced in Apache 2.4.8.

You’ll probably need to add:

SSLCertificateChainFile /etc/letsencrypt/live/andersonquigley.com/chain.pem
2 Likes
#3

Thanks for the quick response.
That seems to have done it!

Weird, as I’m using apache 2.4.7:

$ apachectl -v
Server version: Apache/2.4.7 (Ubuntu)

$ certbot --version
certbot 0.26.1

1 Like
#4

Ah yes, sorry version number is lower!

#5

1 patch level higher and your version would have worked, haha :slight_smile: .

2 Likes
closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.