Install letsencrypt ssl on SmarterAsp hosted site


#1

Please fill out the fields below so we can help you better.

My domain is: fin.moah.co

I ran this command:

  1. certbox-auto certonly --manual
    completed all stages, got 4 files: cert.pem, chain.pem,fullchain.pem,privkey.pem
  2. I am following suggestion
    https://community.letsencrypt.org/t/combining-key-and-certificate-into-a-pkcs12-file/21113:
    openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
    (noticed that it isn’t referring to fullchain.pem)
    3.loaded it to my site on SmarterAsp
  3. the site work fine on desktop but not on android
    5 checked with :https://www.sslshopper.com/ssl-checker.html#hostname=fin.moah.co
    and got an error:
    The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.

how can i fix it?

It produced this output:

My operating system is (include version):
Microsoft-IIS/8.5
My web server is (include version):
IIS
My hosting provider, if applicable, is:
SmarterAsp
I can login to a root shell on my machine (yes or no, or I don’t know):
no


#2

Did you run that openssl pkcs12 command from the right directory? Because your server is sending an intermediate certificate, but it’s an old one: Let's Encrypt Authority X1.

Currently, Let’s Encrypt is using Let's Encrypt Authority X3. Subtle difference (1 -> 3), but very important.

So the question is: where did the chain.pem used by you for your openssl pkcs12 command come from? Did you run it from the /etc/letsencrypt/fin.moah.co/live/ directory?

Although it could also be an IIS problem. I can remember trouble with the intermediate certificates and IIS. But I don’t know any more than that, you should be able to find more on this forum about it.


#3

Hi @MosheLevi,

As @Osiris commented:

It could be a cache problem on IIS, take a look to this thread IIS 8.5 building incorrect chain with Lets Encrypt Authority X3

Cheers,
sahsanu


#4

Hi
Based on your advice, I asked smarterASP to remove Let’s Encrypt Authority X1 from the server Certificate Store
this solved the problem
10x


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.