Invalid Intermediate


I’m having problems with my Google AdWords.
They blocked my campaign, saying that I have malware.
My host says that my SSL certificate has errors.

I check in
My site

But I get this result:
Invalid Intermediate
You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.

My certificate is done with and

How can I solve that?



How did you get the certificate?
Which program did you use?

Which cert file are you using?

Your site is not providing the intermediate cert.


This is not about the certificate, but about your installation/configuration I believe. It looks like you are using Nginx, so having the certificate and the key referenced in the server block as:

  ssl_certificate      ssl/domain.crt;
  ssl_certificate_key  ssl/domain.key;

should be sufficient (if ssl/ path exists under /etc/nginx and you are storing certificates there), provided that domain.crt contains both yours and the intermediate certificate (which is the case for ZeroSSL generated certificates by default, unless you have edited it).

NB: Please note that this is not the only issue you may need to take care of.


Hi @leospinetto

your certificate is correct:
expires in 90 days, - 2 entries

Both connections are secure.

But both connections have an incomplete chain:

Chain - incomplete

The correct result must be something like

| Chain (complete) | | 1 | CN=* |
| --- | --- | --- | --- |
| | | 2 | CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US |

Perhaps use the fullchain.pem file, not the cert.pem file.

The fullchain.pem has both certificates - yours and the Let’s Encrypt intermediate certificate.


I used and CSR and


OK perfect. Thanks!
How do I get that file?
I used and CSR and


If you use one of these tools you should have these files:

privkey / cert / chain / fullchain - perhaps with different names.

fullchain should have two certificates.
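
Added example (not part of the thread and not any poster's code): a Python check of the file that nginx's `ssl_certificate` points at, confirming it holds the leaf followed by its intermediate by comparing each certificate's issuer name with the next certificate's subject name. It compares names only and does not verify signatures; `chain_status`, `sample_pem` and the name "Constructed Root" are assumptions, and the sample certificates are constructed, unsigned skeletons.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER element; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject names of one certificate."""
    _, pos, _ = read_tlv(der, 0)            # Certificate
    _, pos, _ = read_tlv(der, pos)          # tbsCertificate
    fields = []
    while len(fields) < 5:                  # serial, sigAlg, issuer, validity, subject
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def chain_status(pem_text):
    """Classify the contents of the file served via ssl_certificate."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not names:
        return "no certificate"
    if len(names) == 1 and names[0][0] != names[0][1]:
        return "incomplete: intermediate missing"
    for (issuer, _), (_, next_subject) in zip(names, names[1:]):
        if issuer != next_subject:
            return "broken: wrong order or wrong intermediate"
    return "complete"

# --- constructed sample data: unsigned certificate skeletons, names only ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form length, samples are small
def sample_pem(subject_cn, issuer_cn):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, b"\x06\x03\x55\x04\x03" + tlv(0x0C, cn.encode()))))
    tbs = tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + tlv(0x30, b"") \
        + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn)
    body = base64.encodebytes(tlv(0x30, tlv(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    leaf = sample_pem("example.test", "Let's Encrypt Authority X3")
    inter = sample_pem("Let's Encrypt Authority X3", "Constructed Root")
    print(chain_status(leaf), "|", chain_status(leaf + inter))
```

To check a real file, pass its text to `chain_status`, for example `chain_status(open("domain.crt").read())`.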


I think I finally did it. Thank you very much for your help; I will try to activate Google again.

I do not know, I thought that offering this to clients would not bring me so many problems. 🙂