Invalid certificate on mobile, works on desktop


#1

My site is in a shared VPS.

The domain for which I’ve got the let’s encrypt certificate is goblinsama.eu

Visiting the site from desktop works fine: Chrome 52 @ OS X 10.11.

Visiting the site from mobile doesn’t: Chrome 55 @ Android 6.0.1 (cm 13) complains that the certificate is invalid.


#2

You haven’t included the full chain file in your configuration.


#3

I’m sorry but I have no clue what this means.

Here’s the apache settings:

SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/goblinsama.eu/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/goblinsama.eu/privkey.pem"

#4

Change cert.pem to fullchain.pem

Most likely that fixes it. If you have a much older version of Apache, that won’t work and you need an additional SSLCertificateChainFile configuration pointing to “/etc/letsencrypt/live/goblinsama.eu/chain.pem”

The extra certificates in these files form a “chain” between your certificate from Let’s Encrypt, and the roots trusted by web browsers. Long ago nobody did this, but these days almost all certificates everywhere use a chain because it controls the risk for the root Certificate Authorities.

When your server doesn’t send a chain, the browser must improvise, so sometimes it will work and sometimes not. So you should always configure the server to send the chained “intermediate” certificates as above.


#5

I think you are on apache 2.2.22 so should be

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/goblinsama.eu/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/goblinsama.eu/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/goblinsama.eu/privkey.pem

If you have apache >= 2.4.8 then it’s different :wink:


#6

That’s correct, it worked, thanks!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.