My cert is missing Root 1

SSLCACertificateFile is for client authentication, so unless you're issuing client certificates to your users so they can access certain parts of your website like it is described here, you shouldn't use that directive.

The SSLCertificateChainFile directive is deprecated since Apache version 2.4.8. So unless you're using an Apache older than that (i.e., 2.2 or 2.4.7 or older), you should use what is called a "bundle" file: the end user certificate as wel as the intermediate certificate in one file. The client certbot offers this bundle through the file fullchain.pem. This bundle should be used in SSLCertificateFile. Of course, for all the older Apaches you should just keep using SSLCertificateChainFile.

3 Likes