Non Verified Connection


#1

I have a site that was hosted at OVH, which handled Let’s Encrypt certificates automatically. A couple of days ago I moved to Amazon Web Services, and (obviously) I had to handle the certificates myself.
Before the migration everything went perfectly, and after that I thought it was going perfectly too: the certificates were issued perfectly, and my browser detected them correctly. The problem is that some users have reported that they are having some issues with the certificate. It says that the website is non-secure. And I’ve seen myself that I’m getting the same error in Firefox running on my smartphone (Chrome on my smartphone works fine). The error I see is:
‘SEC_ERROR_UNKNOWN_ISSUER’.
Any idea?

Please fill out the fields below so we can help you better.

My domain is: https://clubskodakodiaq.com and https://www.clubskodakodiaq.com

I ran this command: ./certbot-auto certonly --webroot -w /var/www/html/clubskodakodiaq -d clubskodakodiaq.com -d www.clubskodakodiaq.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/clubskodakodiaq.com.conf)

What would you like to do?

1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for clubskodakodiaq.com
http-01 challenge for www.clubskodakodiaq.com
Using the webroot path /var/www/html/clubskodakodiaq for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/clubskodakodiaq.com/fullchain.pem. Your cert
    will expire on 2017-07-20. To obtain a new or tweaked version of
    this certificate in the future, simply run certbot-auto again. To
    non-interactively renew all of your certificates, run
    "certbot-auto renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My operating system is (include version): Amazon Linux:
Uname -a
Linux 4.4.51-40.58.amzn1.x86_64 #1 SMP Tue Feb 28 21:57:17 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

My web server is (include version): nginx version: nginx/1.10.2

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

I forgot to say that I tried to renew the certificate (in case there was something wrong with it), that seemed to go well, but nothing changed in the browsers.


#3

Hello @jordii84,

Your problem is that you have not configured your webserver to include the intermediate certificate. Your nginx SSlCertificateFile directive should point to fullchain.pem instead of cert.pem. Once changed, restart or reload nginx and try again.

Cheers,
sahsanu
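
A way to check the fix described in this reply before reloading nginx, as an added example that is not part of the original thread: it reads the `ssl_certificate` directives from a config file and flags any PEM that holds fewer than two certificates. It relies on Certbot's layout, where `cert.pem` holds only the leaf and `fullchain.pem` holds the leaf plus the intermediate; the function names, the placeholder PEM bodies and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag nginx ssl_certificate directives that point at a
# leaf-only PEM (cert.pem) instead of a bundle with the intermediate
# (fullchain.pem). Assumes unquoted paths without spaces.

# Print how many certificates a PEM file contains.
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Print one verdict per ssl_certificate directive in the given config;
# return 1 if any file is missing or carries fewer than two certificates.
check_nginx_chain() {
    rc=0
    # Matches ssl_certificate but not ssl_certificate_key or commented lines.
    for pem in $(sed -n 's/^[[:space:]]*ssl_certificate[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' "$1"); do
        if [ ! -r "$pem" ]; then
            echo "MISSING   $pem"; rc=1
        elif [ "$(count_pem_certs "$pem")" -lt 2 ]; then
            echo "LEAF-ONLY $pem"; rc=1
        else
            echo "OK        $pem"
        fi
    done
    return $rc
}

# Constructed sample: placeholder PEM bodies and two server blocks.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-LEAF' '-----END CERTIFICATE-----' > "$d/cert.pem"
    { cat "$d/cert.pem"
      printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-INTERMEDIATE' '-----END CERTIFICATE-----'
    } > "$d/fullchain.pem"
    printf 'server {\n  ssl_certificate %s/cert.pem;\n  ssl_certificate_key %s/privkey.pem;\n}\n' "$d" "$d" > "$d/before.conf"
    printf 'server {\n  ssl_certificate %s/fullchain.pem;\n  ssl_certificate_key %s/privkey.pem;\n}\n' "$d" "$d" > "$d/after.conf"
    echo "$d"
}

d=$(make_sample)
check_nginx_chain "$d/before.conf" || echo "before.conf: clients without a cached intermediate cannot build the chain"
check_nginx_chain "$d/after.conf" && echo "after.conf: leaf and intermediate are both served"
rm -rf "$d"
```

This only inspects files on disk. To see what a running server actually sends, `openssl s_client -connect HOST:443 -servername HOST -showcerts` lists each certificate in the presented chain.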


#4

Hello @sahsanu, thank you for your answer.
It seems it has corrected the issue. Thank you so much!

