Mobil devices SSL fail


#1

Hello!
I have installed Let’s Encrypt on my server (Ubuntu 16.04), i configure my certs on apache2,
I use this to configure

SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/softlinex.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/softlinex.net/privkey.pem

    <FilesMatch "\.(php|py)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

When i access to my page from computer all works very well, but when i try do it from a mobil device (smart phone, tablet) i have and error saying “this connection is not verified”

What i need chage to solve id.

Thanks for your help and sorry for my English


#2

You need to include the chain.pem or fullchain.pem

If you have apache < 2.8 then use

SSLCertificateFile /etc/letsencrypt/live/softlinex.net/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/softlinex.net/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/softlinex.net/privkey.pem

if you have apache > 2.8 then use

SSLCertificateFile /etc/letsencrypt/live/softlinex.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/softlinex.net/privkey.pem

You will need to reload apache once you have made the changes.


#3

Hi,

You need the intermediate certificate, which confirms to clients that Let’s Encrypt is a real certificate authority. You can check this with https://www.ssllabs.com/ssltest/; be sure that your configuration refers to fullchain.pem (for newer versions of Apache) or chain.pem (for older versions).


#4

That works fine for me!

Thanks!


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.