LE Certificate Error (Firefox only)

mau · January 11, 2016, 12:57pm

Hi all,

Have you ever encountered that LE certificate has problem with firefox browser? it encounters

This Connection is Untrusted

You have asked Firefox to connect securely to $domain.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

But in Google chrome and Internet Explore my LE SSL certificate works OK. Thanks again!

pfg · January 11, 2016, 1:03pm

Make sure your web server is serving the intermediate certificate (i.e. use fullchain.pem or chain.pem in your configuration, depending on your web server software).

It’s possible that Chrome/IE has previously seen and cached the intermediate certificate from some other site using Let’s Encrypt, while Firefox hasn’t.

You can check for chain issues through SSL Labs.

mau · January 11, 2016, 1:10pm

Hi pfg,

I used this configuration in my running web server, specifically nginx. Ok Thanks for the advise again

ssl on;
ssl_certificate /etc/letsencrypt/live/$domain/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;

pfg · January 11, 2016, 1:14pm

This should be:

ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;

Take a look at the Mozilla SSL configuration generator for other things you might want to add.

mau · January 11, 2016, 1:19pm

Great Its working now. Thanks again PFG !!!