I was attempting to use the https://www.hardenize.com/ site to validate my apache24 server on a FreeBSD 12 machine. Unfortunately, it is reporting a problem. I have the certificates installed as follows:
SSLCertificateFile "/usr/local/etc/letsencrypt/live/seibercom.net/cert.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/seibercom.net/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/seibercom.net/fullchain.pem"
I have attached a screen shot of the output from "https://www.hardenize.com/"
This is what they claim is the problem:
Poorly constructed certificate chain This server is not configured with a correct certificate chain. The possible problems include missing certificates, incorrect certificate order, or unrelated certificates present in the chain. In a correct chain, one certificate is immediately followed by its parent. The final, root, certificate can be omitted. This problem is often difficult to troubleshoot because some clients know how to reconstruct a chain starting with the leaf. Although this behavior is common in browsers, it cannot be relied upon in a general case.
--
Gerard