Problem with safari browser since last cert. update!

diz · October 5, 2021, 6:23pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:literaturhaus.at,www.literaturhaus.at

I ran this command::certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'literaturhaus.at,*.literaturhaus.at'

It produced this output:

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): debian jessie v8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.9.0

i have a problem with all safari browsers on all platforms (iphone mac os x), since the last update on 29.9.2021. every other system works perfect, firefox, chrome, microsoft edge.
also on mac os x with firefox installed it's not a problem.

i checked the certifcate on the safari browser and it's still the old one, which is expired on 29.9.2021.
the message in the safari browser is "this connection is not private"

has anyone an idea, or the same problem ?

rg305 · October 5, 2021, 8:19pm

That version has been deprecated and should be removed.
Switch to certbot (or the snap version of certbot) or any other newer and maintained ACME client.

Your site appears to serving the cert.pem file [which has no chain in it]
It should be serving the fullchain.pem file.

openssl s_client -connect literaturhaus.at:443 -servername literaturhaus.at
CONNECTED(00000005)
depth=0 CN = literaturhaus.at
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = literaturhaus.at
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = literaturhaus.at
   i:C = US, O = Let's Encrypt, CN = R3
---

diz · October 6, 2021, 12:27pm

thanxs for that great solution. the certbot-auto (1.9.0) works with the safari browser. the problem was that i have not loaded the fullchain.pem cert in the apache conf.

rg305 · October 6, 2021, 4:01pm

Which is exactly what was pointed out:

diz · October 6, 2021, 9:35pm

yes, i know, thank you very much for your solution.

system · November 5, 2021, 9:35pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certifications won't work anymore! Help	3	920	October 30, 2021
Ssl certificate not working on multisite safari Help	2	551	June 11, 2022
容器部署脚本申请ssl证书，直接报错了 Help	26	1427	March 11, 2023
New SSL certificate Help	2	450	November 3, 2019
Ssl certificate not accepted as trusted on some browsers Help	25	1105	June 18, 2022

Problem with safari browser since last cert. update!

Related topics