Getting certbot-auto to include the X3 public key

triantos · August 1, 2016, 1:48am

Hi, I created a key to cover my domains without any issues, but when I check my domain with Qualys’ ssllabs.com, they flag the warning: “This server’s certificate chain is incomplete. Grade capped to B.”

Is there some straightforward way to have the cert also include the public key of the X3 with the fingerprint “e6a3b45b062d509b3382282d196efe97d5956ccb”?

thanks!

My domain is:
triantos.com

I ran this command:
./certbot-auto certonly --standalone -d triantos.com … (-d for each of a few more sub-domains)

It produced this output:
Congratulations! …

My operating system is (include version):
Ubuntu 14.04

My web server is (include version):
nginx 1.4.6

pfg · August 1, 2016, 1:52am

certbot produces a number of files, one being fullchain.pem, which contains both your certificate and the X3 intermediate certificate. Point nginx to that file instead of cert.pem (it’s in the same directory).

For other web servers that have separate directives for the intermediate certificate (like old apache versions), there’s also chain.pem, which only contains the X3 intermediate certificate, but that’s not relevant for nginx.

triantos · August 1, 2016, 2:03am

Awesome thanks a lot for the correct answer and for replying so quickly!

system · August 31, 2016, 2:03am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSLLabs saying "This server's certificate chain is incomplete." Help	48	451	August 23, 2024
CertBot Certificate Chain Automation Grade Cap Help	6	1224	December 3, 2019
Certbot fullchain.pem does not satisfy Qualys Server	6	1199	February 12, 2018
Intermediate certificate Help	6	550	November 30, 2021
Certbot doesn't include root certificate in the chain Help	3	725	March 14, 2024

Getting certbot-auto to include the X3 public key

Related topics