Chain issue on new certificate from letsencrypt

Hi,
I just installed my new letsencrypt certificate on my pache server on centos.. Apache version is Apache/2.4.6 (CentOS)
My configuration si like below:
SSLCertificateFile /etc/pki/tls/certs/fullchain1.pem
SSLCertificateKeyFile /etc/pki/tls/private/privkey1.pem
But when I check on ssllabs I get chain incomplete. Notice that I generated the certificate on another server where certbot is installed.

1 Like

That is an apache specific configuration issue.
SSLCertificateFile accepts only one certificate, not a chain. That must be the leaf certificate. You have to use the SSLCertificateChainFile statement in addition too, and that must be a file containing the intermediate signing certificate(s).

2 Likes

OR
Upgrade from Apache version 2.4.6.

1 Like