Renewal issue mac osx https

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):
builtin
The operating system my web server runs on is (include version):
OSX 10.11.5
My hosting provider, if applicable, is:
self
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

v3.0.1

I have the issue on all Mac servers that the R3 isn't trusted and no devices can connect to the server.
People suggest pointing to the fullchain.pem?? But I do not have this after trying to renew; the files I have are:
-rw-r--r-- 1 admin staff 3751 11 Aug 00:15 ca.cer
-rw-r--r-- 1 admin staff 5658 11 Aug 00:15 fullchain.cer
-rw-r--r-- 1 admin staff 1907 11 Aug 00:15 name.domain.com.au.cer
-rw-r--r-- 1 admin staff 649 11 Aug 00:15 name.domain.com.au.conf
-rw-r--r-- 1 admin staff 1041 11 Aug 00:15 name.domain.com.au.csr
-rw-r--r-- 1 admin staff 252 11 Aug 00:15 name.domain.com.au.csr.conf
-rw-r--r-- 1 admin staff 1675 17 Aug 2020 name.domain.com.au.key

The server itself says DST Root CA X3 "certificate has expired"
None of the Exchange mail clients on phone or using browser can log in to the webserver. Help!

The content of your fullchain.cer might be the same as we are expecting in fullchain.pem - it should contain the PEM-encoded chain of certificates from name.domain.com.au issued by our R3 intermediate, the intermediate itself issued by our X1 root, and that root, issued by DST3.

Try this command, and paste the output:
openssl crl2pkcs7 -nocrl -certfile "fullchain.cer" | openssl pkcs7 -noout -print_certs

1 Like

It did, all I had to do was change the import to point to fullchain.cer and all was gravy on all platforms, thanks so much. Moving forward, will this need to change back? Is it a temporary measure?

The answer here depends heavily on the platform of those connecting to your site. Our root X1 is directly trusted in the largest root stores. We aim for our root X2 to be the same. Different platforms have different methods and timelines of updating their trusted root stores. So I would like to hope that this is temporary - but it depends on how long you would like to support the long-tail of your clients' platforms.

our clients are mac on old OS and new .... :grimacing:

I'm an artist who runs their own website and this issue has taken up my whole day. I know nothing about code or ssl or any of this kind of stuff. I just need my website to work because I'm losing sales. Help!!! Everyone I know with an Apple product can't access my site. If I buy a completely new SSL and install it on Google, who hosts my website, will this fix the problem?

what is the site name ?

tnlsupply.com

It still works on non apple products

If you have access to the HOSTING provider (these are the people that host your WWW files), you need to ask them to import the fullchain.pem or fullchain.cer of the existing certificate to get you back on your feet immediately ...

1 Like

This resolved my issue specifically for apple products

1 Like

It might fail on older Androids though:

---
Certificate chain
 0 s:/CN=tnlsupply.com
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

That chain should look like this EXAMPLE:

---
Certificate chain
 0 s:/CN=community.letsencrypt.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

And I'm pretty sure other clients are having troubles too.
See: SSL Server Test: tnlsupply.com (Powered by Qualys SSL Labs)
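
The difference between the two listings above can be checked mechanically: each certificate's issuer (`i:`) should be the subject (`s:`) of the next certificate the server sends. The following is an added example, not part of the original thread; it compares names as text only, which is an assumption made for illustration (real path validation also verifies signatures and key identifiers), and the function names are hypothetical.

```python
import re

# Chain listings copied from the post above (openssl "Certificate chain" format).
SERVED = """\
 0 s:/CN=tnlsupply.com
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
"""
EXPECTED = """\
 0 s:/CN=community.letsencrypt.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    certs = []
    subject = None
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+s:(.*)$", line)
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"\s*i:(.*)$", line)
        if m and subject is not None:
            certs.append((subject, m.group(1).strip()))
            subject = None
    return certs

def broken_links(text):
    """List (position, issuer, next_subject) where cert N's issuer is not cert N+1's subject."""
    certs = parse_chain(text)
    problems = []
    for n in range(len(certs) - 1):
        issuer, next_subject = certs[n][1], certs[n + 1][0]
        if issuer != next_subject:
            problems.append((n, issuer, next_subject))
    return problems

if __name__ == "__main__":
    for name, listing in (("served", SERVED), ("expected", EXPECTED)):
        breaks = broken_links(listing)
        print(name, "OK" if not breaks else breaks)
```

For the served chain this reports a break at position 0: the leaf names R3 as its issuer, but the next certificate sent is Let's Encrypt Authority X3, so clients that do not already hold R3 cannot build a path.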

I just figured out that because I use a third party app to connect my domain name and Etsy account, I can't update anything.

Do you pay for hosting?

Name:    tnlsupply.com
Address: 130.211.40.170
Name:    170.40.211.130.bc.googleusercontent.com

I've been on the phone with GoDaddy for hours and they say they can't fix it. It's with Etsy's 3rd party app - Pattern because that's where my website template is.

1 Like

I think I'm just gonna start over and rebuild my website.

1 Like

Best of luck :slight_smile:

1 Like

If you are PAYING Etsy / Pattern, I suggest you get them to sort it out - this is why you pay them and they provide a service. It shouldn't be on you to re-do your whole site ...

2 Likes

use their support contact https://help.etsy.com/hc/en-gb?segment=shopping

2 Likes

Now I see two IPs...

Name:      tnlsupply.com
Addresses: 130.211.40.170
           184.168.131.241

But they both don't "work" (for different reasons).

1 Like