Facebook and Twitter don't recognize our SSL even though it's valid

Hi everyone, I just need some help because I am not techy and I don't know how to solve this issue. We can't post our WordPress content because the featured image of our content is not showing up even though our SSL is valid.

My domain is: https://dailyguardian.com.ph/

I ran this command: Sharing Debugger - Meta for Developers

It produced this output: Can't validate SSL Certificate. Either it is self-signed (which will cause browser warnings) or it is invalid.

My web server is (include version): box2187

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: BLUEHOST

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel 110.0 (build 10)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Sorry, but I don't know about it

I need help. Thank you.

The website for that hostname does not send the intermediate certificate, thus resulting in an incomplete chain which is a reason for some chain validators to mark it as invalid.

You need to make sure that somehow the full chain is used. How? I dunno, I've never heard of the webserver "box2187" and neither does Google. And the fact cPanel is also used makes this outside of my comfort zone.

Maybe you can tell us how you got and installed the certificate in the first place?

1 Like

Bluehost has free auto SSL installation. I am trying to ask them for some help, but they keep insisting that they fully installed our SSL.

Btw, here is another question of mine:
our main domain has a valid SSL but our subdomain SSL status has an error.
See attached screenshot. Is it possible this error can affect our main domain SSL too?

It possibly could affect the renewal of a certain certificate, but it would not influence any chain issues. That looks more like an incorrect IPv6 address configured in DNS.

If I understand you correctly, you didn't install the certificate by hand, but a service offered by Bluehost did all the work for you?

If so, please refer the Bluehost support employee to SSL Server Test: dailyguardian.com.ph (Powered by Qualys SSL Labs) where it clearly says:

This server's certificate chain is incomplete.

Another chain checker is e.g. SSL Checker

So multiple ways to let Bluehost know their webserver configuration is incorrect.

By the way, you're not paying Bluehost money once per month for this AutoSSL service, right?

2 Likes

Thank you for your input, I'll try to reach them again.

Yes, I don't pay Bluehost for AutoSSL service.

Yes, I didn't install it by hand, Bluehost installed it for me.

1 Like

Btw, do you think purchasing a premium SSL can fix this too?
We are currently using free SSL only.

Technically: no. There is technically no difference between a free Let's Encrypt certificate (and chain) or a certificate which costs you 💸, which also has a certificate chain needing to be installed. (The term "premium SSL" does not make any sense IMO, unless someone thinks something is premium just if you pay big bucks for it. A DV certificate is a DV certificate, whether it's free or not.)

However, Bluehost might have different ways of handling a free certificate compared to a purchased certificate. While it should be no issue whatsoever to install a free certificate properly (including the chain), it might be that Bluehost somehow installs purchased certificates differently with the correct chain at the first try. But there's (from my point of view, technically) no certainty about that.

I would not recommend you to purchase a certificate for such a TRIVIAL thing as a certificate chain. This is simply something Bluehost should get right the first time. Many other hosting providers provide Let's Encrypt certificates absolutely free automatically, i.e. without the customer having to push any button. The fact Bluehost makes you press a button to get a free certificate (from what I saw on their website) is abominable enough.

By the way, please make use of the quote feature of this forum software instead of pasting an image of the text.

3 Likes

Tell them they need to use the fullchain.pem instead of the chain.pem. Maybe they haven't done this before? I've mostly heard bad things about Bluehost.

1 Like
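The difference between a server that sends only the leaf certificate and one that sends the full chain can be reproduced offline. The following is an added example, not part of the thread: it builds a constructed three-level demo PKI with `openssl` and validates what the server "sends" the way a strict client does. The file names cert.pem and fullchain.pem follow Certbot's layout; the CA names, `leaf.example`, and the helper functions are made up for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI (all names made up): Demo Root -> Demo Intermediate -> leaf.
set -eu
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# issue NAME SUBJECT EXTFILE [SIGNER]: create NAME.key and NAME.pem.
# Without SIGNER the certificate is self-signed (used for the root).
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "$2" 2>/dev/null
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -CAcreateserial \
      -out "$1.pem" -days 30 -extfile "$3" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -out "$1.pem" -days 30 -extfile "$3" 2>/dev/null
  fi
}

build_demo_pki() {
  (
    cd "$DEMO_DIR"
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    issue root "/CN=Demo Root" ca.ext            # lives in the client's trust store
    issue int "/CN=Demo Intermediate" ca.ext root
    issue cert "/CN=leaf.example" leaf.ext int   # cert.pem: leaf only
    cat cert.pem int.pem > fullchain.pem         # leaf + intermediate
  )
}

# chain_ok FILE: treat FILE as everything the server sends. The first
# certificate is the leaf, the rest are untrusted helpers. Only the root
# is trusted, and nothing is fetched or cached on the client's behalf.
chain_ok() {
  openssl verify -CAfile "$DEMO_DIR/root.pem" -untrusted "$1" "$1" >/dev/null 2>&1
}

build_demo_pki
for f in cert.pem fullchain.pem; do
  if chain_ok "$DEMO_DIR/$f"; then echo "$f: chain validates"
  else echo "$f: incomplete chain"; fi
done
```

Browsers often hide this misconfiguration because they cache or fetch missing intermediates, while stricter validators only work with what the server sends.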

Their hosting left you blue? - LOL

4 Likes

No, getting a certificate issued by Comodo isn't going to solve this specific problem, if bluehost is going to install it like they did the Let's Encrypt one.

They installed the certificate wrong, their system is not working as it should. You are fully within your rights to complain to them and eventually even link them to this thread.

5 Likes

They just installed the SSL without implementing the fullchain.pem and keep insisting that they installed it correctly. I'll let them know about it.
Btw, thank you for your input and support.

2 Likes

Your website includes an http header that mentions Imperva https://www.imperva.com/ - apparently they are a CDN provider a bit like Cloudflare.

That would imply that they are serving your site via their CDN (which in turn will make requests to your actual server) and if so then the certificate is on their servers and you should speak to them.

3 Likes

Thank you for letting me know, I have already reuploaded the image and it has a valid certificate now. But it's still the same, Facebook or Twitter don't recognize our SSL certificate even though it's valid.

1 Like

Speak to Imperva, it's their certificate configuration that's wrong and you are probably paying for their service. Your site's IP address is owned by them. Other sites on the same IP address have a special certificate (from GlobalSign) that includes imperva.com

Do you perhaps have an Imperva control panel with them where you regularly upload the cert you want to use? If so, try uploading the fullchain.pem version of your certificate file.

3 Likes

I am sorry, but Bluehost just installed the SSL for us and I don't know about the Imperva control panel.

What is the exact symptom of this? Because I agree with the other volunteers your domain does not send the full chain of certs. But, you also have an Imperva (Incapsula) firewall that blocks bots and such.

I wonder if what you are seeing is the result of this firewall blocking those sites like below:

Or, maybe this firewall needs to also have the full chain of certs added?

curl -k https://dailyguardian.com.ph

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no">
<meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head>
<body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?SWUDNSAI=31&xinfo=14-80840409-0%200NNN%20RT%281693912602545%2012%29%20q%280%20-1%20-1%20-1%29%20r%280%20-1%29%20B12%284%2c315%2c0%29%20U18&incident_id=356012470197009853-451951497251665870&edet=12&cinfo=04000000&rpinfo=0&cts=M2nmJiSGhWi%2bdORChutC0lk7UEA7L2qdO6ovqH2sLO3zP%2f9hGXruDJbqOxsNZrXc&mth=GET" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">
Request unsuccessful. Incapsula incident ID: 356012470197009853-451951497251665870</iframe></body></html>

5 Likes

Our website is working fine, but when posting on social media like FB and Twitter, they don't recognize our SSL. And I am sorry to say, I don't know about Imperva, we're just using Bluehost and have no knowledge about it.

Btw, Bluehost told me that our IP address is not pointing to them and it's pointing to Sitelock, a malware remover.

If "imperva" runs it, I tend to agree.

Do you control your DNS records? You can point them wherever you desire.

But please note: somebody in your organisation, or some vendor you delegated DNS management to, at some point in the past, decided to point your A record there. It might even be a typo, a digit swap, or something like that. But you should find out before changing the record.

4 Likes

That is surely a paid service.
You should talk with them about how they are handling HTTPS [for your site].

6 Likes

Hello everyone, I'd like to inform you that my issue has been resolved. I reached out to Sitelock regarding the problem, and we have now reverted the A records back to BLUEHOST.

Appreciate your support, everyone! Thank you!

2 Likes