Hosting asking for CA valid format

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.gshop-portal.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: www.dondominio.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): If I'm not mistaken the panel is: panel24/7

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

The page is currently asking me to input a valid CA Format when trying to save the ssl cert and key

Hi @imaquilon,

Do you mean that you already issued your certificate and key, but that your control panel is reluctant to import them? Or that the control panel is for some reason not allowing you to export this data?

What you have done already, and what are you trying to accomplish at the moment that's being prevented by the host?

Sorry, let me explain again. I generated my cert and my key through manual mode, since the host doesnt provide Let's encrypt ssl's. What I'm saying is that the actual page (the hosting) is asking me for some extra file (CA) or some kind of name i have to input. It is exactly asking for the " Certificate Authority" when I try to input something like "Let's Encrypt" or R3 it just will output a "please, input a valid Certificate Authority format" error.

Was that Certbot's manual mode? If so, I think the item they want for that field is the complete content of the chain.pem file from /etc/letsencrypt/live. You would have your own certificate (cert.pem), your own private key (privkey.pem), and the "chain", "issuer", or "CA" certificate(s) (chain.pem). This is a bunch of PEM data much like the things you would paste in the other parts of the host's control panel.

lol, for some reason i thought I had to use fullkey.pem under certificate section. that fixed it, thank you! <3

It was likely asking for the "CA Bundle" (aka CA intermediate certificate). By providing fullchain.pem (which contains both your leaf certificate and the CA intermediate certificate), you satisfied the requirement of serving the "full chain" that many browsers often require to authenticate your leaf certificate. For the sake of completeness, I must note that fullchain.pem does not actually contain the full chain. The CA root certificate (not included in fullchain.pem) that was used to sign the CA intermediate certificate needs to already be installed in the "trust store" of a visitor's browser.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.