The operating system my web server runs on is (include version): CentOS 7
My hosting provider, if applicable, is: Dedicated Server
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Don't know it's InterWorx
So, I switched from zerossl to letsencrypt and I'm having many issues. When I generate the certificate using interworx everything seems fine. But chain certificate has some issues. I have read lots of these forums about this issues, but none have helped me. I ran check on whynopadlock and I get this:
You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.
I have used other SSL certificates like my last one was zerossl and had no issues. I just saw this issue after switching on one of my websites, the other websites run fine because they are using zerossl and other ssl-s and I don't understand much about running commands on the servers, I just use it run my websites.
There is nothing wrong with your cert chain. whynopadlock gives a false alarm due to expired DST Root CA X3 at the end of the chain. This is not a problem. This website also has a cert chain ending in the DST cert. We call this the "long chain" and is used for best compatibility with older Android clients.
See other sites that test cert chains better - like SSL Labs
There are some other issues about your site pointed out by both of these sites you may wish to address but the cert chain is not one of them.
I don't have any mixed content on my websites.
I have tried with chrome, firefox, safari on mac os, chrome on windows 10, and Samsung internet using Android. None of them showed the padlock and had this error.
I'm not sure what happened because suddenly it decided to add the padlock and not give the error but since I didn't close the tab from hours ago here is the screenshot of the error. It showed certificate is valid but still not secure. This is strange that it's fixed automatically since I didn't do anything yet. My other websites(using let'sencrypt) still show not secure.
Anyway, I will update this post as soon as I find the reason why this happened and why it is now fixed. I'm guessing this could have all happened because I had an expired domain nameserver using it as DNS for this domain which I fixed yesterday. I will confirm this(with detailed info) as soon as I test it for my other websites, just in case if anybody else like me with the same situation is having the same issues.
Too funny! I was going to have them look at whynopadlock for help.zerossl.com as it shows the same false "error". The ZeroSSL help site uses Let's Encrypt certs.
@chainagents Browsers will cache cert intermediates so if you had them wrong during first check it may have persisted until cache clears.
