Certificate chain invalid

andy26 · January 13, 2020, 4:23am

My domain is:privykloud.duckdns.org

I ran this command: My IP changed, updated in duckdns
And then i tied accessing my site–i got the error,
post that I recreated the DuckDNS token & build the containers again…
I can see the entries are coming @ https://check-your-website.server-daten.de/?q=privykloud.duckdns.org

I havent changed anything while building the container again…except the duckdns token
so not sure why I am getting the error as Certificate/chain invalid and wrong name
Also,I am not sure how to fix it.

It produced this output:

My web server is (include version): ngnix

The operating system my web server runs on is (include version): debian buster

My hosting provider, if applicable, is:duckdns

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):1.0.0

Osiris · January 13, 2020, 7:22am

What do you mean with “building the container again”?

andy26 · January 13, 2020, 7:25am

I regret as I was not clear earlier…
So once i regenerated the token again…
I updated my yaml file for both duckdns and letsencrypt as both has an entry for token
And then i ran the docker-compose to build/update the containers…

I hope it clarifies…let me know if u need more information

Osiris · January 13, 2020, 7:41am

It seems something went wrong with that container I guess. There is a pre-certificate for your hostname generated yesterday (crt.sh). I assume the real certificate is generated as well but perhaps crt.sh has a backlog of sorts.

For some reason, your newly generated certificate didn’t “make” it to your webserver. Your webserver not only has a “chain issue”, it has a “self signed certificate” loaded. Not a Let’s Encrypt certificate at all.

I personally have zero experience with docker and you haven’t gotten us any log or information about the certificate generation process, so I can’t say why it went wrong.

JuergenAuer · January 13, 2020, 8:15am

Hi @andy26

you have created two certificates

Issuer	not before	not after	Domain names	LE-Duplicate	next LE
Let’s Encrypt Authority X3	2020-01-12	2020-04-11	*.privykloud.duckdns.org - 1 entries	duplicate nr. 2
Let’s Encrypt Authority X3	2020-01-08	2020-04-07	*.privykloud.duckdns.org - 1 entries	duplicate nr. 1

So that part has worked.

But you don’t use it, instead, you use a self signed:

CN=*, OU=LSIO Server, O=Linuxserver.io, L=Carlsbad, S=CA, C=US
	12.01.2020
	09.01.2030
expires in 3649 days

Hope, you save the certificate outside of your container, so you can re-use the certificate. So

don’t create the next certificate
check, how to install it

andy26 · January 13, 2020, 10:03am

Thanks @JuergenAuer
I was able to copy the cert directory in letsencrypt docker
And then when i m trying to run nginx -t …
I am getting error as
nginx: configuration file /etc/nginx/nginx.conf test failed

when i run this command -netstat -pant

Any pointers how to resolve this and run the nginx without errors.

Thanks

Osiris · January 13, 2020, 10:13am

You should keep the certificates in a persistent location outside the container.

JuergenAuer · January 13, 2020, 10:39am

Then you have to fix your general configuration.

system · February 12, 2020, 10:45am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.