Intermediate certificate

Hello community,

I have following problem with my Let'sEncrypt certificate and I hope that someone can help me, please.

I created via certbot command below a privatekey and a fullchain.pem certificate on my local machine. Then i upload the files to my hosting providers control panel and install them. Works fine so far.

BUT now i got the feedback the some people are facing a security warning when opening the domain.
I made a check and I found out the there is an issue with the Intermediate certificate.

"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate."

Can anybody help me and give me some hints (in easy word) how to fix this issue, please.

Thanks in advance.

Domain: www.schusser-oeg.at

I ran this command: sudo certbot certonly --manual --preferred-challenges http -d www.schusser-oeg.at

It produced this output: privatekey.pem, fullchain.pem

My web server is (include version): appache

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31

1 Like

Your site is indeed not sending an intermediate certificate. While fullchain.pem does actually include the entire chain (thus including the intermediate cert), your control panel doesn't seem to be using it. Maybe the "Yes" control panel also offers a separate upload possibility for the chain, separate from the certificate itself?

3 Likes

Hi,
oh... its not a "Yes" panel. :wink: It is a panel from A1 provider.
On that panel there is the section to upload the fullchan.pem and the privatekey.pem.

There is one button to install new Certificate and another button to install new CA-Certificate.
I always use the Install new Certificate Button. More SSL related options I cannot find. I dont know what CA means.

Do you think I should use the CA Button to install the certificate?
Or do you have any other hints?

thanks!

2 Likes

Hi @Mike1234 and welcome to the LE community forum :slight_smile:

You should ask the provider of that panel.
[I don't think anyone here would know better]

2 Likes

Ok thanks. I will contact my provider.

2 Likes

You might need to:

  • Upload cert.pem using "Install new Certificate" and;
  • Upload chain.pem using "Install new CA-Certificate".

But that's just a wild guess.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.