Problem with safari browser since last cert. update!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:literaturhaus.at,www.literaturhaus.at

I ran this command::certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'literaturhaus.at,*.literaturhaus.at'

It produced this output:

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): debian jessie v8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.9.0

i have a problem with all safari browsers on all platforms (iphone mac os x), since the last update on 29.9.2021. every other system works perfect, firefox, chrome, microsoft edge.
also on mac os x with firefox installed it's not a problem.

i checked the certifcate on the safari browser and it's still the old one, which is expired on 29.9.2021.
the message in the safari browser is "this connection is not private"

has anyone an idea, or the same problem ?

1 Like

That version has been deprecated and should be removed.
Switch to certbot (or the snap version of certbot) or any other newer and maintained ACME client.

Your site appears to serving the cert.pem file [which has no chain in it]
It should be serving the fullchain.pem file.

openssl s_client -connect literaturhaus.at:443 -servername literaturhaus.at
CONNECTED(00000005)
depth=0 CN = literaturhaus.at
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = literaturhaus.at
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = literaturhaus.at
   i:C = US, O = Let's Encrypt, CN = R3
---
1 Like

thanxs for that great solution. the certbot-auto (1.9.0) works with the safari browser. the problem was that i have not loaded the fullchain.pem cert in the apache conf.

1 Like

Which is exactly what was pointed out:

1 Like

yes, i know, thank you very much for your solution.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.