Invalid Intermediate error - whynopadlock

My domain is: saintly.com.au

I ran this command: Test Results: www.saintly.com.au - Why No Padlock?

It produced this output: Invalid Intermediate

My web server is (include version): Apache 2.4.51

The operating system my web server runs on is (include version): Debian Bullseye (11.1)

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.20.0

I'm unclear where I've gone wrong in my setup. It is an upgraded system where I've just re-enabled the apache server, even though the certs for www have been around for a while. When I look at the certificate tree I see the blow, and my browser (Chrome) shows all certs are valid.

host# openssl s_client -CApath /etc/ssl/certs/ -connect www.saintly.com.au:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.saintly.com.au
verify return:1
---
Certificate chain
0 s:CN = www.saintly.com.au
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3

You haven't.
WhyNoPadLock seems to be showing that same error for any site using the long/default chain.
Even this very site and also their own site: Test Results: whynopadlock.com - Why No Padlock?

1 Like

That's something at least. Chrome on my Mac is showing the warning too (i.e. the padlock for (say) the LE site shows whereas a red triangle with a white exclamation mark is on saintly.com.au)...

You may need to update Chrome and/or the OS root trust store.

1 Like

Thanks - whilst I thought Chrome was current it was slightly out of date. A relaunch fixed the issue.

1 Like