Getting certbot-auto to include the X3 public key


#1

Hi, I created a key to cover my domains without any issues, but when I check my domain with Qualys’ ssllabs.com, they flag the warning: “This server’s certificate chain is incomplete. Grade capped to B.”

Is there some straightforward way to have the cert also include the public key of the X3 with the fingerprint “e6a3b45b062d509b3382282d196efe97d5956ccb”?

Thanks!


My domain is:
triantos.com

I ran this command:
./certbot-auto certonly --standalone -d triantos.com … (-d for each of a few more sub-domains)

It produced this output:
Congratulations! …

My operating system is (include version):
Ubuntu 14.04

My web server is (include version):
nginx 1.4.6


#2

certbot produces a number of files, one being fullchain.pem, which contains both your certificate and the X3 intermediate certificate. Point nginx to that file instead of cert.pem (it’s in the same directory).

For other web servers that have separate directives for the intermediate certificate (like old Apache versions), there’s also chain.pem, which only contains the X3 intermediate certificate, but that’s not relevant for nginx.
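
A way to check a config for the problem described in this thread, as an added example that is not part of the original posts: it reads the `ssl_certificate` directives from an nginx config and counts the PEM certificate blocks in each referenced file, flagging files that hold only the leaf. The function names, sample config and placeholder PEM files are assumptions constructed for illustration; counting blocks is a heuristic and does not validate the chain.

```shell
#!/bin/sh
# Added example (not from the thread): report whether each nginx ssl_certificate
# file carries the intermediate certificate as well as the leaf.

# Count PEM certificate blocks in a file: 1 = leaf only, 2 or more = leaf + chain.
count_certs() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print "<OK|INCOMPLETE> <count> <path>" per ssl_certificate directive in $1.
# Returns 1 if any referenced file holds fewer than two certificates.
# Assumes one directive per line and paths without whitespace.
check_nginx_chain() {
    rc=0
    # Requiring whitespace after the name skips ssl_certificate_key lines.
    for path in $(sed -n 's/^[[:space:]]*ssl_certificate[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' "$1"); do
        n=$(count_certs "$path")
        if [ "$n" -ge 2 ]; then
            echo "OK $n $path"
        else
            echo "INCOMPLETE $n $path"
            rc=1
        fi
    done
    return "$rc"
}

# Write constructed sample files into directory $1. The PEM bodies are
# placeholders, not real certificates; only the block markers matter here.
make_samples() {
    block='-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----'
    printf '%s\n' "$block" > "$1/cert.pem"
    printf '%s\n%s\n' "$block" "$block" > "$1/fullchain.pem"
    for f in cert fullchain; do
        printf 'server {\n    listen 443 ssl;\n    ssl_certificate %s;\n    ssl_certificate_key %s;\n}\n' \
            "$1/$f.pem" "$1/privkey.pem" > "$1/$f.conf"
    done
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_samples "$d"
    check_nginx_chain "$d/cert.conf"        # config pointing at the leaf-only file
    check_nginx_chain "$d/fullchain.conf"   # config pointing at leaf + intermediate
    rm -rf "$d"
fi
```

Run with `--demo` to see both cases on the constructed files, or source it and call `check_nginx_chain` on a real config; after changing the directive, nginx must be reloaded before a re-test shows the full chain.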


#3

Awesome, thanks a lot for the correct answer and for replying so quickly!

