Getting certbot-auto to include the X3 public key

triantos · August 1, 2016, 1:48am

Hi, I created a key to cover my domains without any issues, but when I check my domain with Qualys’ ssllabs.com, they flag the warning: “This server’s certificate chain is incomplete. Grade capped to B.”

Is there some straightforward way to have the cert also include the public key of the X3 with the fingerprint “e6a3b45b062d509b3382282d196efe97d5956ccb”?

thanks!

My domain is:
triantos.com

I ran this command:
./certbot-auto certonly --standalone -d triantos.com … (-d for each of a few more sub-domains)

It produced this output:
Congratulations! …

My operating system is (include version):
Ubuntu 14.04

My web server is (include version):
nginx 1.4.6

pfg · August 1, 2016, 1:52am

certbot produces a number of files, one being fullchain.pem, which contains both your certificate and the X3 intermediate certificate. Point nginx to that file instead of cert.pem (it’s in the same directory).

For other web servers that have separate directives for the intermediate certificate (like old apache versions), there’s also chain.pem, which only contains the X3 intermediate certificate, but that’s not relevant for nginx.

triantos · August 1, 2016, 2:03am

Awesome thanks a lot for the correct answer and for replying so quickly!

Topic		Replies	Views
Nginx incomplete certificate chain Help	5	12431	April 6, 2017
Including intermediate certificates from Letsencrypt in Nginx SSL setup Help	6	5139	February 14, 2021
Public and private keys Server	6	17757	February 20, 2017
SSLLabs saying "This server's certificate chain is incomplete." Help	48	1078	August 23, 2024
CertBot Certificate Chain Automation Grade Cap Help	6	1275	December 3, 2019

Getting certbot-auto to include the X3 public key

Related topics