My web server is (include version): Ubuntu 20.04.2 LTS
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Digital Ocean
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2
Dear people,
at api.meine-sicht.com we use a Let's Encrypt certificate. Everything is fine in 99% of cases. But we have a big client now that uses a very strict Fortigate firewall, which doesn't allow our certificate.
I'm not a trained programmer and I can't figure out where the problem is.
Did the client provide you with details about why it isn't allowed? Any error or warning messages? Your server configuration is fine, so figuring this out is going to involve getting details from whoever runs the firewall device.
I don't think this has anything to do with your certificate, and everything to do with the way the firewall classifies your domain name.
The CERT_AUTHORITY_INVALID just looks like Chrome is being man-in-the-middled by the Fortigate device, which would not be caused by your Let's Encrypt certificate.
If I had to guess, I'd say that they need to allow your domain name in their firewall, and wherever that Chrome browser is running needs to have the Fortigate MITM certificate in its trust store via group policy or whatever. Or allow access to the domain without it being MITM'd. Your client will know more about that ...
In case people have the same problem: I found a solution that has nothing to do with the certificate.
Apparently Fortinet categorises every URL out there. You can check that here: Fortinet URL Rating Submission
If your URL is not in any category, you can fill out a short form and then Fortinet categorises it. Everything works fine now with our client.