Help - Website does not work "out of the box" with Internet Explorer 11

The facts:

  • My website is powered by a simple Go program that uses “http.ListenAndServeTLS” to establish an HTTP server. (You feed the function the “cert.pem” file and the “privkey.pem” file.)
  • The server OS is Ubuntu 14.04.
  • I created my “cert.pem” file and the “privkey.pem” files using “certbot” as per the instructions here:
  • My testing computer is Windows 7 x64 Professional (fully patched).
  • The website URL is (it might be down if I happen to be tinkering with the code)

The problem:

My website correctly shows as “trusted” in Chrome or Firefox, but it fails to load completely in Internet Explorer 11, giving “HTTP 400 Bad Request”.

IE11 does appear to be listed in the “Which browsers and operating systems support Let’s Encrypt” page (Which browsers and operating systems support Let’s Encrypt), so I am perplexed.

Can anyone shed some light into this issue? I will gladly provide additional information upon request.

Thanks in advance,
Zamiel (James)

HTTP 400 Bad Request does not indicate an error that’s related to your SSL configuration or your certificate. That’s a HTTP error generated by your server (not sure if it could be related to go’s HTTP server implementation, or if it’s something in your application code). If there’s an issue with SSL/TLS, your server wouldn’t get to a point where it could send a HTTP 400.

Not related to this error, but your server is currently not serving Let’s Encrypt’s intermediate certificate, which will cause issues for users that have not previously visited sites using Let’s Encrypt (and thus have a cached version available). I believe the certFile parameter of ListenAndServeTLS should be set to the fullchain.pem file generated by certbot, which is a concatenation of cert.pem and chain.pem.

Thank you so much pfg! That was the issue. Silly me.

Thanks again for your swift and helpful response! Hopefully this thread can help someone else down the line.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.