Invalid Intermediate

I’m having problems in my google adwords.
I block campaign by saying that I have malware.
From my host they say that my SSL certificate has errors.

I check in https://www.whynopadlock.com/
My site
https://www.ifmerchandising.com.ar/

But I get this result:
Invalid Intermediate
You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.

My certificate is done with https://zerossl.com/free-ssl/#csr and https://gethttpsforfree.com

How can I solve that?

My domain is:
https://www.ifmerchandising.com.ar/

I ran this command:

It produced this output:
https://www.whynopadlock.com/

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

How did you get the certificate?
Which program did you use?

Which cert file are you using?

You site is not providing the intermediate cert.

This is not about the certificate, but about your installation/configuration I believe. It looks like you are using Nginx, so having the certificate and the key referenced in the server block as:

  ssl_certificate      ssl/domain.crt;
  ssl_certificate_key  ssl/domain.key;

should be sufficient (if ssl/ path exists under /etc/nginx and you are storing certificates there), provided that domain.crt contains both yours and the intermediate certificate (which is the case for ZeroSSL generated certificates by default, unless you have edited it).

NB: Please note that this is not the only issue you may need to take care of.

Hi @leospinetto

your certificate is correct:

CN=www.ifmerchandising.com.ar
	17.04.2019
	16.07.2019
expires in 90 days	
ifmerchandising.com.ar, www.ifmerchandising.com.ar - 2 entries

Both connections are secure.

But both connections have an incomplete chain:

Chain - incomplete
1 CN=www.ifmerchandising.com.ar

The correct result must be something like

|Chain (complete)||1|CN=*.server-daten.de|
| — | — | — | — |
|||2|CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US|

Perhaps use the fullchain.pem - file, not the cert.pem file.

The fullchain.pem has both certificates - yours and the Letsencrypt intermediate certificate.

I used https://zerossl.com/ and CSR and https://gethttpsforfree.com/

OK perfect. Thanks!
How do I get that file?
I used https://zerossl.com/ and CSR and https://gethttpsforfree.com/

If you use one of these tools you should have these files:

privkey / cert / chain / fullchain - perhaps with different names.

fullchain should have two certificates.

I think I finally did it, thank you very much for your help, I will try to activate google again.

I do not know I thought that offering this to clients would not bring me so many problems. :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.