If Apache is failing to start after only changing the certificate file then clearly the file you are pointing to is now wrong. Please provide a screenshot of the Task Parameters settings in your Deploy to Apache task settings and confirm which files you are currently referring to in your Apache config and using which directives.
Thanks, your Certify settings look ok so you would have to find a way to get more diagnostic information from Apache, meanwhile you can revert to your main certificate file as you had previously. You can email support {at} certifytheweb.com if you wish to discuss/debug any technical aspects in private. We're in Australia, so it's likely our timezones don't match up but happy to answer questions over the weekend.
Note that you can also use the Export Certificate tasks for more fine-grained export of certificate components and you just need to save the managed certificate settings and click Play next to the task (you don't need to re-request the cert each time).
Just double check that the output files do exist and if so, open them up and have a look. Your fullchain file will have multiple certificate sections: the first one will be your primary/lead certificate and the others are intermediates etc. You can use Report URI: PEM Decoder to check.
@rg305 that's a good reminder, fixing that quirk is a potentially breaking change that we're reserving for our next major release. Some folks rely on it for various proprietary and less common server types, we also offer an alternative Export Certificate task which has many options for which things to include in which bundle.
Is this root cert thing a real problem that may lead to the crash in Apache?
Or is this just an unclean thing that should be solved in the future?
Is it possible to just remove the third cert and then test it again?
I have read all the documentation from Certify the Web and Apache but have to admit that I am still lost.
I am also curious if this really could be a cause for my original problem. Again, it already seems to work on some machines/ISPs but on other corporate networks it was considered to be insecure. Could the cause of this be that the certificate file is incomplete?
Thanks a lot for your help. I really hope that I can close this topic soon. -_-
Not sure what the red link symbol means but at least the Apache server starts again and the SSL checker tool at https://www.digicert.com/help/ now likes the TLS certificate.
I will be able to test this again on the other networks in the next days.
Didn't I answer this like 30 posts ago? The correct configuration is to have SSLCertificateFile point to a single file that includes your leaf cert plus any intermediate certs, but not the root cert. If that's confusing or unclear, I'd like to know how, because it seems really clear to me.
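A way to check a fullchain PEM file against the rule in the last post (leaf first, then intermediates, no root), as an added example that is not part of the original thread or Certify the Web's own code. It uses only the Python standard library; the function names are hypothetical, and issuer/subject names are compared byte-for-byte, which is a simplification of full X.509 name matching.

```python
import base64
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)             # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        _, _, end = _tlv(der, end)         # serialNumber
    _, _, start = _tlv(der, end)           # signature algorithm
    _, _, end = _tlv(der, start)           # issuer
    issuer = der[start:end]
    _, _, start = _tlv(der, end)           # validity
    _, _, end = _tlv(der, start)           # subject
    return issuer, der[start:end]

def audit_chain(pem_text):
    """Return a list of problems for a file used as SSLCertificateFile."""
    names = [issuer_and_subject(base64.b64decode("".join(body.split())))
             for body in PEM_RE.findall(pem_text)]
    if not names:
        return ["no certificate blocks found"]
    problems = []
    for i, (issuer, subject) in enumerate(names):
        if i > 0 and issuer == subject:    # self-signed after the leaf: a root
            problems.append(f"cert {i + 1}: self-signed root, leave it out")
        elif i + 1 < len(names) and names[i + 1][1] != issuer:
            problems.append(f"cert {i + 1}: next cert is not its issuer")
    return problems

if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
        for line in audit_chain(fh.read()) or ["ok: leaf + intermediates only"]:
            print(line)
```

Run it with the path of the exported fullchain file as the only argument; an empty result means the file matches the layout described above.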