Certificate chain invalid

#1

My domain is:privykloud.duckdns.org

I ran this command: My IP changed, updated in duckdns
And then i tied accessing my site–i got the error,
post that I recreated the DuckDNS token & build the containers again…
I can see the entries are coming @ https://check-your-website.server-daten.de/?q=privykloud.duckdns.org

I havent changed anything while building the container again…except the duckdns token
so not sure why I am getting the error as Certificate/chain invalid and wrong name
Also,I am not sure how to fix it.

It produced this output:

My web server is (include version): ngnix

The operating system my web server runs on is (include version): debian buster

My hosting provider, if applicable, is:duckdns

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):1.0.0

#2

What do you mean with “building the container again”?

#3

I regret as I was not clear earlier…
So once i regenerated the token again…
I updated my yaml file for both duckdns and letsencrypt as both has an entry for token
And then i ran the docker-compose to build/update the containers…

I hope it clarifies…let me know if u need more information

#4

It seems something went wrong with that container I guess. There is a pre-certificate for your hostname generated yesterday (crt.sh). I assume the real certificate is generated as well but perhaps crt.sh has a backlog of sorts.

For some reason, your newly generated certificate didn’t “make” it to your webserver. Your webserver not only has a “chain issue”, it has a “self signed certificate” loaded. Not a Let’s Encrypt certificate at all.

I personally have zero experience with docker and you haven’t gotten us any log or information about the certificate generation process, so I can’t say why it went wrong.

1 Like
#5

Hi @andy26

you have created two certificates

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2020-01-12 2020-04-11 *.privykloud.duckdns.org - 1 entries duplicate nr. 2
Let’s Encrypt Authority X3 2020-01-08 2020-04-07 *.privykloud.duckdns.org - 1 entries duplicate nr. 1

So that part has worked.

But you don’t use it, instead, you use a self signed:

CN=*, OU=LSIO Server, O=Linuxserver.io, L=Carlsbad, S=CA, C=US
	12.01.2020
	09.01.2030
expires in 3649 days

Hope, you save the certificate outside of your container, so you can re-use the certificate. So

  • don’t create the next certificate
  • check, how to install it
1 Like
#6

Thanks @JuergenAuer
I was able to copy the cert directory in letsencrypt docker
And then when i m trying to run nginx -t …
I am getting error as
nginx: configuration file /etc/nginx/nginx.conf test failed

image
image745×263 3.71 KB

when i run this command -netstat -pant
image
image833×276 18 KB

Any pointers how to resolve this and run the nginx without errors.

Thanks

#7

You should keep the certificates in a persistent location outside the container.

#8

Then you have to fix your general configuration.

#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.