Curl SSL certificate problem - after changing certificates


#1

Hello. First time I have used certbot-auto to generate and install certificates on my Debian VPS. Recently I generated new certificates for my domain, using getssl on my computer and uploaded the certs to my VPS (in a different directory). Linked them in apache2 vhost files and everything worked ok. Now however I’m having a problem with curl. When I curl my own domain from the VPS it is hosted on, I get:
curl: (60) SSL certificate problem: unable to get local issuer certificate

It used to work. I’m pretty sure it has to do something with the fact that I changed certificates for my domain.

Edit: The same problem happens when I try to curl it from my local machine. It seems like I must have missed something when I installed the new certificate. What could be the problem? Browsers show a valid certificate though.


#2

Did you use cert.pem or fullchain.pem?


#3

GetSSL generated these files: chain.crt, mydomain.com.crt, mydomain.com.csr, mydomain.com.key I used SSLCertificateFile mydomain.com.crt


#4

You should also use the chain. When using Apache before 2.4.8 you should point SSLCertificateChainFile to the chain itself as an extra directive. When using Apache 2.4.8 or later, you should concatenate mydomain.com.crt + chain.crt and point SSLCertificateFile to that concatenated file.


#5

It works. Thank you very much!


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.